The Ransomware Attack On Your Firm Is Coming And You’re Probably Not Prepared

It’s a healthy instinct to harbor a good deal of skepticism in this world. That holds doubly true when it comes to the style of overhyped, “Which brand of soda will give your kids syphilis?” headlines that local news outlets use to stir up anxious suburbanites. So when discussing the threat of cyberattack, it’s easy to dismiss the constant barrage of threatening headlines — not unlike the headline to this article — as overblown.

Unfortunately, clients and law firms would do so at their peril. While anonymous cyberattacks may not be the biggest threat out there — getting cheated by your own is still more prevalent — their unpredictability makes them more terrifying.

There was a day when firms and clients had to worry about hackers invading their systems to steal sensitive business data and sell it to the highest bidder. But today, the easiest assault on a computer system is ransomware — a debilitating attack where an anonymous belligerent forces you to pay them to get your system back.

And it’s not a problem that only plagues large firms. Smaller firms can also become a repository of sensitive data, from corporate intellectual property to personal financial information used in writing wills and trusts. Nobody’s immune.

Indeed, ransomware doesn’t even need to find some sensitive data. Newer attacks go after the master boot record and basically brick computers until the owner pays the ransom. Who needs a specific file when threatening to grind billable hours to a halt for days on end does the trick?

Why has ransomware become the primary cyber threat out there? Antonio Challita, Director of Product Management at CyberSight, points to four primary factors:

1) Payment: The key to any transaction is finding the buyer most interested in what you’re selling. When it comes to stolen goods, who could want those goods more than the person who got robbed in the first place? Shopping illicit merchandise around the dark web introduces more players and more risk, while dealing with one party greatly improves the odds of getting paid quickly and quietly.

2) The US Government: In 2017, Shadow Brokers gave the world access to the tools the NSA had been using to break into Windows devices. The WannaCry attack was born of these tools and the Petya attack the next month managed to cripple some Biglaw firms.

3) Cryptocurrencies: Thanks to a bunch of libertarian-minded tech nerds, we’ve now got a virtually untraceable means of exchange that hackers can request to make their getaway complete. According to Challita, some ransomware attacks even come with a guide instructing the clueless company or firm on how to set up a wallet and purchase the appropriate cryptocurrency. How helpful!

4) Ransomware as a service: The check on cyberattacks used to be the tech savvy of the criminal. Today, enterprising techies have built a new business allowing any fraudster with a dream to join the exciting world of cybercrime. The Dark Web boasts a few services allowing someone interested in launching an attack against a vulnerable target to acquire a new, previously unseen ransomware variant that no anti-virus service is prepared to detect. The service provider will also give the customer all the phishing leads they need to dupe someone into kicking things into motion. All they ask in return is a share of the profits, usually around 30 percent.

All these people need is an unupdated Windows device and a dream.

Attacks usually enter the system through a phishing email that fools someone into clicking on a zip file, PDF, or some other file, kicking off a sequence of events that opens the door for the malicious program. But these are by no means the only points of entry. USB drives with a bad case of computerized gonorrhea are another dangerous vector that can easily befall attorneys, but the most threatening for firms has to be a vulnerability in remote desktop applications. Remotely accessing an office desktop is part of the daily business routine for many lawyers, but these access points aren’t always kept secure, and some 10 million computers broadcast open ports, which are easily searchable, at any given moment. Once an open port is identified via search engine, it just takes a brute force password checker to get into the system and give the attacker the run of your computer and, by extension, the network.
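A defender-side check for the remote desktop password guessing described above, as an added example that is not part of the original article: it scans constructed Windows logon records (event ID 4625 for a failed logon, 4624 for a success) and flags a source address with a burst of failures, plus any success that follows. The log layout, thresholds and names are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); type 3 is how RDP with NLA is often logged.
SAMPLE = """\
2024-03-04T02:10:00,4625,3,203.0.113.7,administrator
2024-03-04T02:10:08,4625,3,203.0.113.7,admin
2024-03-04T02:10:15,4625,3,203.0.113.7,jsmith
2024-03-04T02:10:21,4625,3,203.0.113.7,jsmith
2024-03-04T02:10:30,4625,3,203.0.113.7,jsmith
2024-03-04T02:10:41,4624,10,203.0.113.7,jsmith
2024-03-04T08:55:00,4625,10,198.51.100.20,mlee
2024-03-04T09:06:00,4625,10,198.51.100.20,mlee
2024-03-04T09:06:30,4624,10,198.51.100.20,mlee
2024-03-04T09:10:00,4625,2,-,mlee
"""

REMOTE_TYPES = {"3", "10"}

def detect(lines, window=timedelta(minutes=5), threshold=5):
    """Return alerts for failure bursts per source IP and for any
    successful logon from an IP that has already been flagged."""
    failures = defaultdict(deque)   # source IP -> times of recent failures
    flagged, alerts = set(), []
    for line in lines:
        ts, event_id, logon_type, ip, user = line.strip().split(",")
        if logon_type not in REMOTE_TYPES:
            continue                 # console logons are out of scope here
        when = datetime.fromisoformat(ts)
        recent = failures[ip]
        while recent and when - recent[0] > window:
            recent.popleft()         # forget failures older than the window
        if event_id == "4625":
            recent.append(when)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, user))
        elif event_id == "4624" and ip in flagged:
            alerts.append(("success_after_brute_force", ip, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```

The second source address in the sample fails twice, eleven minutes apart, and then succeeds; it stays below the threshold, which is how an ordinary forgotten password looks.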

Staying ahead of these attacks requires vigilance and strategic thinking. Keeping systems up-to-date with the latest patches keeps hackers from leveraging known exploits, and antivirus software can keep a constant eye out for the electronic signatures of known attacks. Training employees not to do incredibly dumb stuff, like opening obviously fake emails, is a smart move too. But one option that Challita and CyberSight focus on, and that many companies don’t think about, is taking a proactive approach to policing the network.

While antivirus software monitors for the signatures of known threats, it can’t deal in real time with fresh, first-impression attacks like those constantly evolving in the Dark Web incubators. That’s why Challita recommends a behavior-based security approach that uses machine learning to identify threats based on what the file is trying to accomplish. If an email attachment tries to get at a huge number of files quickly, or an unexpected file starts encrypting files, a behavior-based approach can reach out and shut it down, placing a quarantine on the suspicious file until someone can check it out.
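The behavior-based idea above, reduced to a fixed-threshold heuristic rather than the machine learning the article mentions (an added example, not CyberSight's product or code): a monitor that quarantines a process once it writes random-looking data to several distinct files in a short window. The class, thresholds, process names and event stream are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output sits near 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def fake_ciphertext(seed: str, size: int = 2048) -> bytes:
    """Constructed stand-in for encrypted file content (SHA-256 in counter mode)."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

class WriteMonitor:
    """Quarantine a process that writes high-entropy data to many distinct files
    quickly. One archive or photo also looks random, so one write is never enough."""

    def __init__(self, max_files=4, window=10.0, min_entropy=7.2):
        self.max_files, self.window, self.min_entropy = max_files, window, min_entropy
        self.recent = defaultdict(deque)   # process -> (time, path) of suspicious writes
        self.quarantined = set()

    def observe(self, t, process, path, data):
        if process in self.quarantined:
            return "blocked"               # already shut down, pending review
        if entropy(data) < self.min_entropy:
            return "allow"
        writes = self.recent[process]
        writes.append((t, path))
        while t - writes[0][0] > self.window:
            writes.popleft()               # drop writes that fell out of the window
        if len({p for _, p in writes}) >= self.max_files:
            self.quarantined.add(process)
            return "quarantine"
        return "allow"

def run_sample():
    """Constructed event stream: a text editor saving a note, then an
    opened attachment rewriting six documents within three seconds."""
    mon = WriteMonitor()
    verdicts = [mon.observe(0.0, "notepad.exe", "notes.txt", b"Dear client, " * 150)]
    for i in range(6):
        verdicts.append(mon.observe(1.0 + 0.5 * i, "invoice.pdf.exe",
                                    f"matter_{i}.docx", fake_ciphertext(f"doc{i}")))
    return verdicts, mon.quarantined

if __name__ == "__main__":
    print(run_sample())
```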

Cyberattacks just aren’t science fiction anymore. But recognizing the need to take steps now, before an attack, to keep themselves and their clients secure, can save a firm from becoming the next embarrassing headline.

This article originally appeared on