page contents

Ransomware targeting law firms a big problem

There is a new age of virus activity called ransomware that is attacking businesses — and law firms in particular — that is no longer containable by antivirus software or firewalls so it’s essential that firms educate their employees about the risks, says DSM Computing Solutions Inc. founder and CEO Sheldon Waters.

“We are seeing this happen on an almost weekly basis — users are clicking on these emails and firms are infected with viruses,” he tells AdvocateDaily.com. “The way these viruses are being distributed is by users clicking on emails that look like real emails from their bank or Apple or Amazon. It’s really bad."

The ransomware virus encrypts the data on all your computer systems and makes it unusable. A message will pop up demanding you to pay a ransom to some unknown entity in order to get “the key" to un-encrypt your data, Waters explains.

“The new attack is at the user and this means that proper training and awareness has never been more crucial,” he says. “It’s important that firms have a strategy to help educate users and prevent this from happening. If they haven’t been hit already, it’s just a matter of time.”

Waters describes these viruses as “very nasty” and says that often people who have been hit with them feel as if they have no choice but to pay the ransom to gain access to their data.

“And the more excruciating part of it is that the ransom that you have to pay is with something called Bitcoins, an Internet-based currency. It’s complex to obtain and to transact with Bitcoins. That being said, once you pay these people you’re like a sitting duck. Two or three months later they will come back and hit you again because they know that you’ll pay them.” 

Waters says when DSM is called in to deal with one of these viruses, the technology company does not pay the ransom and instead, attacks the virus to shut it down to enable for the restoration of the data. 

“There’s no way you want to be kept in the pond of available targets for them to go after,” he says. 

In this environment of viruses, backing up to an offsite system is more important than ever before, he adds. 

“Many lawyers, especially in the smaller firms, backup their data onto a separate hard drive that they plug in and if that hard drive is visible to that computer, the virus will get the hard drive too,” he says. 

Waters says the best way law firms can protect themselves is through training employees how to identify a fake email and not click on it. 

DSM has introduced a new education and testing service to help firms train employees how to recognize risky emails.