This attack on a mid-sized law firm was typical of most phishing attempts today: a user inadvertently clicked on a link in an email that seemed legitimate, unleashing malware that began to attack the firm’s file-shares first.

Lessons Learned: Phishing and Ransomware at a California Law FirmPhishing attempts are run by automated machines that harvest email addresses from published locations and then send out mass emails – upwards of 10,000 to 20,000 emails per hour – and then wait for someone to click a link. One click often equals one infection, so the return on the investment of purchasing the email list is lucrative. Unfortunately, these entities do not care how large or small the firm is. Every firm has potential for payoff.

The law firm identified the attack early when services like remote access, file access, accounting and printing started to fail. Protections that had been put onto servers worked to shield some data through purposeful data encryption at the SAN level, but the firm’s operating systems were corrupted on the server side. Adding to the challenge, the firm had a long-term contract for backup services from a third-party provider that Innovative Computing Systems did not manage. The firm discovered that this managed services provider was not providing regular backup services as promised.