At the end of each year, the organizations publishing dictionaries release terms that will be included in their next editions. Terms that would have been nonsensical just years ago become commonplace. One word has been hiding just below the surface of our everyday conversation. It is terrifying in terms of scope and mortifying in terms of transmission. I speak of the word “ransomware.”
Those who have encountered this technological scourge undoubtedly wince at the mere mention of ransomware. It is the type of infection about which you hear horror stories from others and hope it never happens to you or your business. Hours, if not days, of downtime. Data loss, functionality loss and the realization that your business has become compromised. These are only some of the costs of a successful ransomware cyberattack.
The cornerstone of the legal industry is confidentiality. Any potential breach or interference with that confidentiality keeps people up at night. Now, it appears, law firms are directly being targeted by those who distribute ransomware.
Bar associations from several states (New York, Texas, Pennsylvania, Maryland, Florida) are reporting that attorneys are receiving emails purportedly from “The Office of the State’s Attorney.” The emails claim that a complaint has been filed against the firm. There are other reports of times when the subject line simply stated, “See you in Court.”
Any rational person would quickly open such an email and download the attached .pdf document or compressed file to investigate such a claim. Therein lies the issue: the .pdf document or compressed file includes a hidden executable file designed to launch an application to encrypt all data on the workstation and data on any mapped drives. Once encrypted, you cannot access those documents. A webpage and text document are then created in each encrypted directory that will direct you to a webpage with instructions on how much money you must pay to maybe decrypt your data.
Now that we know what the problem looks like, how does one protect against this sort of trouble?
- The weakest link in any security process is people. The path to disaster is sometimes paved with good intentions. Fortunately, training will help mitigate most threats. Taking a moment to evaluate emails will save you pain. Look closely at the sender’s email address. Most important, if you don’t know or trust who sent the email, do not open the attachment!
- Most firms use some sort of spam filtering to battle mailbox bloat. Used properly, spam filtering can be a critical asset in fighting and preventing malware infections. Ransomware is typically transmitted in compressed, or zip, files. It is recommended to block the transmission and reception of these files via email. Some are opposed to blocking compressed files. Nowadays, law firms should utilize file-sharing services to upload and download data between individuals rather than compressing and emailing large files. Citrix ShareFile, for example, is a private, HIPAA-compliant service that uses encryption when transferring data.
- You are likely thinking to yourself, “Shouldn’t my [insert antivirus program name here] catch this before it gets bad?” Tragically, the answer is a resounding no. Practically all antivirus software on the market looks for specific file extensions or names to flag as harmful. While such solutions do help with most virus issues, malware and ransomware go largely undetected. There is a change in how antivirus programs are being designed and implemented. Rather than looking at file names to detect a threat, software is now looking at behavior on the computer. In its own way, it asks questions like, “What is this file doing on the computer?” and “Is this file creating additional files or processes?” This new generation of antivirus software is potent and powerful. SentinelOne, for instance, has the ability to learn what processes are safe on a daily basis in your company. Further, it can instantly isolate a computer that may have contracted ransomware, preventing damage to network resources.
- Preventative measures aside, it is essential for any business to have and maintain backups of its data. To be clear, I do not mean an external hard drive on your local computer that is the “H:\” drive. I am referring to backups of your servers and data that run at least once a week and are appended multiple times a week. If your system is hit with ransomware, restoring from backup is the only way to recover from the infection completely. One can never have too many backups.
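The attachment screening recommended in the spam-filtering point above can be sketched in a few lines. This is an added example, not code from the article or from any product it names; the extension lists, function names and sample message are assumptions constructed for illustration. It flags compressed attachments and looks inside zip files for executables without extracting them.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; tune them to your own mail gateway.
ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".gz", ".iso")
EXECUTABLE_EXTS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".com", ".lnk")

def screen_message(raw: bytes) -> list[str]:
    """Return the reasons, if any, to quarantine a raw email message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").lower()
        data = part.get_payload(decode=True) or b""
        # "MZ" is the header of a Windows program, whatever the file is named.
        if name.endswith(EXECUTABLE_EXTS) or data.startswith(b"MZ"):
            findings.append(f"executable attachment: {name}")
        is_zip = data.startswith(b"PK\x03\x04")
        if is_zip or name.endswith(ARCHIVE_EXTS):
            findings.append(f"compressed attachment: {name}")
        if not is_zip:
            continue
        try:  # list members in memory; nothing is extracted to disk
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            findings.append(f"unreadable archive: {name}")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXTS):
                findings.append(f"executable inside {name}: {member}")
    return findings

def build_sample() -> bytes:
    """Constructed message: a zip holding a harmless text file named like a lure."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Complaint.pdf.exe", "constructed placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "clerk@example.invalid"
    msg["To"] = "attorney@example.invalid"
    msg["Subject"] = "See you in Court"
    msg.set_content("A complaint has been filed against your firm.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="complaint.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(screen_message(build_sample())))
```

A message that returns any finding would be held for review rather than delivered; an empty list means no attachment matched the policy.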
Those who create computer viruses, malware and ransomware are getting more and more creative. What was once simply an annoyance is now becoming a moneymaking venture for those who would do harm. Training and putting safeguards into place to prevent these sorts of infections is essential to uninterrupted workflow and data security. An ounce of prevention can keep you from paying a ransom.