Law Firm Cyber Risk Ransomware – A Threat to the Legal Profession

“Data breaches and cyberthreats involving or targeting lawyers and law firms are a major professional responsibility and liability threat facing the legal profession. As custodians of highly sensitive information, law firms are inviting targets for hackers. …the data security threat is so high that law enforcement officials regularly divide business entities into two categories: those that have been hacked and those that will be.” ABA Formal Opinion 483 – Lawyers’ Obligations After an Electronic Data Breach or Cyberattack

I. Law Firm Cyber Risk Ransomware – Ransomware Explained

Ransomware is a type of malware, which is any software that’s designed to damage a computer, server, client, or computer network. Other types of malware include computer viruses, worms, Trojan horses, spyware, etc.

A ransomware attack is one in which hackers encrypt a target’s computer files and threaten to either publish the target’s data or perpetually block access to it unless they’re paid a ransom. The target is usually a business or government agency.

A properly executed ransomware attack is ‘the perfect crime’. It’s virtually impossible for a victim to decrypt its computer files without the decryption key. Only the hacker has the key, and the only way for the victim to obtain it is to pay the ransom. Further, sophisticated hackers will accept only Bitcoin or another cryptocurrency as payment, which is virtually impossible to trace.

II. Law Firm Cyber Risk Ransomware – How a Ransomware Attack Is Carried Out

A ransomware attack is typically carried out by email. The hackers trick a user in the target organization into either clicking on a link or downloading an attachment that looks legitimate but actually contains malware. As soon as the user opens the file, the malware attacks, encrypting the user’s computer files first and then spreading throughout the organization.

The victim then receives a message that its files will be inaccessible until the ransom is paid. The hackers may further threaten to make the victim’s files public unless the ransom is paid, thus possibly exposing a business’ trade secrets or customer data, a hospital’s patient medical records, etc.

According to a survey commissioned by IT security vendor Sophos, the average cost to remediate a ransomware attack (including downtime, staff time, device cost, network cost, lost opportunity, etc.) is $732,520. 96% of organizations that paid the ransom got their data back.

III. Law Firm Cyber Risk Ransomware – Attacks Against Law Firms

In Ransomware Attackers Take Aim At Law Firms, Forbes Magazine reported:

“…law firms are increasingly an attractive target because of the nature of their business…law firms…collect tons of confidential corporate information and sensitive data like tax returns. They can suffer reputational and financial losses if they are breached, especially if data is exposed. Average ransomware payouts exceed $1 million.

…law firms tend to be more vulnerable than other types of businesses. A report released in May by security firm BlueVoyant found that 15% of a global sample of thousands of law firms showed signs of compromised networks, and all firms were subject to targeted threat activity.

The first prominent ransomware attack on a law firm was DLA Piper in 2017. Since then, there have been a number of high-profile attacks on firms, including the MAZE ransomware attack that threatened to leak data if the ransom wasn’t paid and the October 2020 attack on Chicago law firm Seyfarth Shaw. Earlier in the year, five law firms were targeted in a wave of ransomware attacks that included Texas firm Baker Wotring, whose data was released publicly in a “full dump.”

Probably the most notorious case was last May, when a cybercriminal gang calling itself “REvil” stole nearly a terabyte of data from the New York law firm Grubman Shire Meiselas & Sacks, an entertainment law firm with prominent clients. They initially demanded $21 million, and later doubled it to $42 million, and published over 2 gigabytes of Lady Gaga’s contracts and other data on the dark web as proof of compromise. After finding files related to President Donald Trump, they doubled the ransomware price and later published 169 emails related to Trump.”

IV. Law Firm Cyber Risk Ransomware – How To Prevent a Ransomware Attack

The FBI offers these tips to prevent a ransomware attack:

The best way to avoid being exposed to ransomware—or any type of malware—is to be a cautious and conscientious computer user, careful about downloading files and clicking on links.

  1. Hyperlinks – Before clicking on a link in an email, hover over it with your mouse to see the actual URL where you will be directed upon clicking on it. If it’s a ‘brand name’ website with a misspelling, for instance, don’t click on it.
  2. Attachments – If you see an attachment in an email you weren’t expecting or that doesn’t make sense, don’t open it! It may contain ransomware or another virus. The only file type that is always safe to click on is a .txt file.
  3. Unusual Sender – Whether it looks like it’s from someone you don’t know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general, don’t click on it.
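The three tips above can be turned into automatic checks that an email gateway or a security-awareness tool runs before a user ever hovers. The script below is an added example, not code from the article or from the FBI: it compares a link’s display text with its real destination, flags domains that are a small misspelling of a known brand (or that bury a brand name inside an unrelated domain), and flags attachments whose extension can execute code or carry macros. The brand list, the extension lists and the sample inputs are constructed assumptions for illustration.

```python
"""Added example (not from the original article or the FBI tips): automatic
versions of the hover-over-the-link and check-the-attachment advice.
Brand list, extension lists and samples are constructed for illustration."""
from __future__ import annotations

import os
from urllib.parse import urlparse

# Assumed list of "brand name" domains a firm commonly sees in legitimate mail.
KNOWN_BRANDS = ["microsoft.com", "dropbox.com", "docusign.com", "office.com"]

# Extensions that run code or carry macros (constructed, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1",
                    ".docm", ".xlsm", ".pptm", ".hta", ".lnk", ".iso"}
# Document-looking extensions used to disguise a payload, e.g. "invoice.pdf.exe".
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels of a hostname; adequate for .com-style brands (assumption)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(display_text: str, href: str) -> list[str]:
    """Warnings for one hyperlink: the automated form of 'hover to see the real URL'."""
    warnings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme not in ("https", "http"):
        warnings.append(f"unusual scheme '{parsed.scheme}'")
    if host.replace(".", "").isdigit():
        warnings.append("link points to a raw IP address")
    # Display text that itself looks like a URL but points somewhere else.
    if "." in display_text:
        shown = urlparse(display_text if "://" in display_text else "http://" + display_text)
        if shown.hostname and registered_domain(shown.hostname) != registered_domain(host):
            warnings.append(f"display text '{display_text}' does not match destination host '{host}'")
    dom = registered_domain(host)
    if dom in KNOWN_BRANDS:
        return warnings  # genuine brand domain: nothing more to flag
    for brand in KNOWN_BRANDS:
        if 0 < levenshtein(dom, brand) <= 2:
            warnings.append(f"'{dom}' looks like a misspelling of '{brand}'")
        # Brand name used as a subdomain of an unrelated domain, e.g. dropbox.com.evil.test
        if brand.split(".")[0] in host.lower().split(".")[:-2]:
            warnings.append(f"'{brand}' appears as a subdomain of unrelated domain '{dom}'")
    return warnings


def check_attachment(filename: str) -> list[str]:
    """Warnings for one attachment name; a plain .txt with no tricks yields none."""
    warnings = []
    root, ext = os.path.splitext(filename.lower())
    if ext in RISKY_EXTENSIONS:
        warnings.append(f"'{filename}' has an executable or macro-enabled extension")
    inner = os.path.splitext(root)[1]
    if inner in DOCUMENT_EXTENSIONS and inner != ext:
        warnings.append(f"'{filename}' hides a second extension ('{inner}{ext}')")
    return warnings


if __name__ == "__main__":
    # Constructed samples, not real messages.
    samples = [("Click here", "https://www.microsoft.com/login"),
               ("www.dropbox.com", "http://dropbox.com.evil-example.test/share"),
               ("Sign in", "https://rnicrosoft.com/auth"),
               ("Open invoice", "http://192.168.0.10/inv")]
    for text, url in samples:
        print(text, "->", url, ":", check_link(text, url) or "no warnings")
    for name in ["report.txt", "invoice.pdf.exe", "statement.docm"]:
        print(name, ":", check_attachment(name) or "no warnings")
```

The edit-distance threshold of 2 is deliberately small so that an ordinary unrelated domain is not flagged; it catches the single-character swaps (rn for m, 0 for o) that the hover-over tip is meant to expose.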

Other tips:

  • Keep operating systems, software, and applications current, including enabling automatic updates released by Microsoft, Apple, etc.
  • Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
  • Back up data regularly and double-check that those backups were completed.
  • Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
  • Create a continuity plan in case your business or organization is the victim of a ransomware attack.
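Two of the tips above, “double-check that those backups were completed” and keeping backups disconnected from the systems they protect, are easy to state and easy to skip. The script below is an added example, not code from the article or any agency guidance: it records a SHA-256 manifest of a source tree and later verifies an offline copy against it, reporting files that are missing or whose contents changed (a file encrypted by ransomware shows up as mismatched). The three sample files and the damaged backup are constructed in a temporary directory so the script runs stand-alone; the directory names are assumptions.

```python
"""Added example (not from the original article): manifest-based verification
of a backup copy. Sample files are constructed in a temp directory."""
from __future__ import annotations

import hashlib
import os
import tempfile


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str) -> dict[str, str]:
    """Map of relative path (with '/' separators) -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(manifest: dict[str, str], backup_root: str) -> dict[str, list[str]]:
    """Compare a backup tree against a manifest captured from the source.

    Store the manifest with the offline copy, not on the live network, so it
    cannot be altered by the same intrusion that alters the source files."""
    result: dict[str, list[str]] = {"ok": [], "missing": [], "mismatched": []}
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(backup_root, rel)
        if not os.path.isfile(path):
            result["missing"].append(rel)
        elif sha256_file(path) != digest:
            result["mismatched"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def demo() -> dict[str, list[str]]:
    """Constructed scenario: one file copied correctly, one altered, one never copied."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "source")
        dst = os.path.join(tmp, "backup")
        os.makedirs(os.path.join(src, "clients"))
        os.makedirs(os.path.join(dst, "clients"))
        files = {"clients/acme.docx": b"contract draft v3",
                 "clients/notes.txt": b"meeting notes",
                 "ledger.xlsx": b"trust account balances"}
        for rel, data in files.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(src)  # taken while the source is known good
        # Simulated backup run: acme copied intact, notes damaged, ledger skipped.
        with open(os.path.join(dst, "clients/acme.docx"), "wb") as f:
            f.write(files["clients/acme.docx"])
        with open(os.path.join(dst, "clients/notes.txt"), "wb") as f:
            f.write(b"\x00encrypted\x00")
        return verify_backup(manifest, dst)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status:10s} {paths}")
```

Run the verification from a machine that mounts the backup read-only; a report with any entries under “missing” or “mismatched” means the backup cannot be relied on for recovery, which is exactly what the tip asks firms to discover before an attack rather than during one.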

The Cybersecurity and Infrastructure Security Agency (CISA), part of the US Department of Homeland Security, recommends using multi-factor authentication, backing up data, and keeping software patched and maintained, along with training employees on best security practices.

Companies should also use secure cloud repositories to host their own data, and carefully vet the vendors that store the data.

V. Law Firm Cyber Risk Ransomware – How To Respond to a Ransomware Attack

Firms should have a plan for what they will do in the event of a ransomware attack. It should answer these questions:

  • When do we pay?
  • When do we not pay?
  • If we pay, who will negotiate for us?
  • What does our insurance cover?
  • How do we shore up our defenses?

Also, demand proof that the attackers aren’t just spoofing an attack: that they have the data they say they have and that they can decrypt the impacted data. If your firm has cyber insurance, determine if the policy covers ransom payouts and, if so, up to what amount.

VI. The Role of Cyber Insurance

According to the report by Sophos mentioned above: “cybersecurity insurance pays the ransom. For those organizations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.”

VII. Further Reading

Ransomware: What It Is & What To Do About It 

The National Cyber Investigative Joint Task Force Releases Ransomware Fact Sheet

FBI, This Week: Advocating Against Ransomware Payment Demands

How to Protect Your Law Firm from Ransomware 

Ransomware Attacks Hit Three Law Firms in Last 24 Hours

Celeb Law Firm Refuses Hacker Ransom as Lady Gaga Files Leak

The Growing Threat of Ransomware: How to Protect Your Firm

ABA 2020 Cybersecurity Report

Your New Job Is Chief Risk Officer

FBI Internet Crime Complaint Center
