CA Affiliate member, Lawyer Checker, looks at the rise and rise of ransomware.
Fraudsters are remarkably adept at escaping the fraud prevention methods you put in place, particularly when large sums of money are at stake. Only one or two law firms need to be duped to ensure cyber criminals walk away with millions. Every single firm is vulnerable to cyber attacks, which can take many different forms; however, this article will specifically examine how ransomware has developed to catch out even the most vigilant firms.
So first of all, what is ransomware? It is a type of software embedded into a computer system which encrypts all of the files and, in doing so, cuts your firm off from all valuable and confidential client data.
Ransomware is easy to use, low risk and offers high reward, according to Bart Parys, a security researcher who helps maintain a list of the growing variations of this type of malware. Mr Parys and his colleagues have accounted for 124 separate variants of ransomware. Some strains are controlled by individual gangs, whilst others are being used by people buying the service from an underground market.
Anyone connected to the internet is at significant risk of being targeted by ransomware. According to the Counter Threat Unit at Dell SecureWorks, a single ransomware program called CryptoWall infected over 600,000 computer systems in just six months and, in doing so, took five billion files hostage. A further study also found that over a third of UK companies have either been personally held to ransom by hackers, or know someone that has had their networks infected by ransomware.
Risk awareness is one of the most important forms of protection, and all members of staff need to be fully trained to recognise and prevent scams. Part of your risk management process should ensure that staff are told that access or security information should never be given to anyone via email or telephone – no matter how genuine the request may seem.
It is not just clients that you need to vet carefully, but also your business partners. Getting to know clients and associates is crucial, so that even the slightest discrepancy will be very apparent. Fraudsters have the ability to recreate websites and emails, as though from a familiar source, but a person’s recognisable traits are easier to verify.
Larger firms may argue that only sole practitioners and smaller firms are at risk, as they lack the level of IT support available to those in major law practices. Ultimately, this results in larger firms becoming complacent and less prepared to guard against ransomware attacks and to recover any losses which may occur.