Law firms facing “astronomical ransom demands” from cyber-attackers


Cyber attacks: Legal sector increasingly attractive target

The legal sector has faced “astronomical ransom demands” from cyber-attackers in recent years, ranging from $30,000 to $21m, according to new research.

The research found that, since 2018, 138 law firms globally have publicly confirmed ransomware attacks on their systems, affecting at least 2.9 million records. Most of these firms were in the US, with the UK the next worst affected.

Last year saw the highest number of attacks (45) and records affected (1.6 million) so far, said Comparitech, a cyber-security research and information website that maintains a worldwide ransomware tracker.

Head of data research Rebecca Moody wrote in her report that the legal sector was “an increasingly attractive target for cyber-criminals”.

She explained: “With troves of sensitive data, hackers can shore up their chances of securing payment by threatening to put solicitors’ clients’ data on the dark web if their ransom demands aren’t met.”

Ms Moody said a growing number of ransomware gangs were using “double-extortion tactics” by stealing data and encrypting systems.

“The legal sector has faced astronomical ransom demands in recent years. The average ransom demand following an attack on a legal firm is $2.47m, but the average ransom paid is lower at $1.65m.”

The company’s research uncovered ransoms ranging from $30,000, paid by Parisian law firm Cabinet Remy Le Bonnois in 2021, to $21m demanded of New York firm Grubman Shire Meiselas & Sacks after it was hit by REvil ransomware.

This was later upped to $42m when the gang realised that Donald Trump’s data was among that stolen, but the firm refused to pay.

Among the largest ransoms known publicly was the $3m demanded of North-East law firm Ward Hadaway.

“After Lorenz ransomware gang targeted the UK law firm in March 2022, a $3m ransom was demanded. It threatened to post the data online and double the ransom demand to $6m if these demands weren’t met,” said Ms Moody.

“The firm successfully secured an injunction against its attackers preventing them from leaking the data. How successful this was against anonymous hackers, however, is debatable.”

Information about how many firms actually paid ransoms was hard to secure, she said. “Although the legality of paying a ransom is heavily debated, it is often the quickest way for companies to restore their systems and limit the impact of a data breach.

“Preventing companies from paying ransoms may help to ward off hackers to some extent but it is only part of the potential solution.

“For example, the UK’s Cyber Security and Resilience Bill could enforce mandatory reporting of ransomware attacks. Making sure companies are reporting attacks will help raise awareness and knowledge of these attacks and will perhaps reduce the ‘taboo’ that so often surrounds the word ransomware.

“It would also ensure anyone whose data has been impacted in a ransomware attack is aware of this from the offset.”

The five firms that had the most records stolen were all in the US and each then faced class action lawsuits.

The research indicated that spikes in attacks coincided with the end/start of tax years in many countries.

“Legal firms, especially those within the commercial sector, will likely experience higher workloads and tighter deadlines during this time, as well as the pressure of finalising their own budgets.

“Our research suggests ransom payments may also be more likely during these times. Out of the six legal organisations that confirmed paying a ransom, five of them made payments between January and April.”

The research only identified 11 cases where there was confirmed downtime at firms as a result of an attack, ranging from hours to four weeks, with an average of 11 days.

“In some cases, the effects of such downtime can be catastrophic. In March 2022, London-based The Ince Group was hit with a LockBit ransomware attack. The firm spent £5m restoring its systems before it filed for administration in April 2023 after failing to raise enough funds to cover the costs of the cyber attack and other shortfalls.”
