The Risk Manager, Summer 2014
Cryptolocker
Cryptolocker is a ransomware virus threat to lawyer files and wallets. It is estimated that law firms and businesses have lost millions of dollars to this scam. The December 2013 LAWPRO Magazine featuring “Cyber Crime and Law Firms” describes ransomware as follows:
Ransomware infections are becoming much more common recently and are usually spread by infected email attachments or Website links that trigger a download. The most common type, Cryptolocker, will scramble all the data files on your computer with virtually unbreakable encryption. You learn you are infected when a pop-up window tells you that your data has been scrambled and will be deleted unless you pay a ransom within a very short period of time, typically 48 hours or so. The ransom is typically in the range of $100 to $300 and payable only in Bitcoins, a type of virtual currency that makes payments untraceable. It is a relatively low amount so you have an incentive to pay it as a nuisance; but as you are dealing with criminals, paying it does not guarantee that you will get your data back.
A North Carolina firm was victimized earlier this year by Cryptolocker. The firm was targeted using email with an attachment. Upon opening the attachment the virus immediately began encrypting thousands of documents making them inaccessible to the firm. The hackers demanded $300 within three days to provide the code to unlock the files. After trying to solve the problem without success, the firm attempted to pay the ransom but time had time ran out and could not get the release code. Fortunately, the firm had backup systems.
We are unaware of any Kentucky lawyers victimized by Cyberlocker, but the chances are good that there are some. Given the great variety of computer systems used by lawyers we can only give the following general risk management advice gleaned from several sources. For a comprehensive treatment of computer security risk assessments for law firms see Cybersecurity Standards and Risk Assessments for Law Offices: Weighing the Security Risks and Safeguarding Against Cyber Threats by David Z. Bodenheimer and Cheryl A. Falvey. Just Google the article title. (last viewed 6/23/14)
Cyber Attack Risk Management Considerations:
- Use computer-security software to block suspicious emails – be sure to update regularly.
- Never open attachments from a source you don’t recognize.
- Require all firm members to be especially vigilant before downloading photos or PDF files even if apparently from known sources to avoid downloading an executable file that could download malware.
- Establish off-site data backup systems and procedures for alternate access to the network.
- Back up and archive all files nightly in an off-line system that is not connected to the vulnerable main office system. Some firms nightly back up all files on tape and lock the tapes in a fireproof safe in the office. They then further back up the files in off-site storage– usually in the Cloud.
- Include home computers, laptops, and smart phones in office cyber security programs.
- Review computer system backup architecture and file-sharing architecture to assure that a single event of a malware download cannot infect both the main system and backup systems.
For additional risk management considerations for Cyberlocker and other malware read The LAWPRO Magazine: December 2013 at: (http://practicepro.ca/lawpromag/LawproMagArchive.asp) (last viewed 6/23/14)
It is an excellent source for reviewing the cyber risks of your firm. It contains useful guidance for protecting your practice from being held up for ransom.
Editor’s Note: Federal authorities recently stopped the primary hacker using Cryptolocker, but as the following paragraphs show ransomware remains a major risk.
Ransomware Hits iPhones and iPads in Australia
ABC Internet News reported on May 28, 2014 that a hacker with the name “Oleg Pliss” locked up iPhones and iPads in Australia and sent ransom messages demanding payment to unlock them. Especially alarming is that hackers may now be able get iCloud credentials from these devices and get to data stored or backed up on the Cloud by the device owner.
This new development in cyber crime reinforces the urgency required in establishing risk management procedures that protect firm backup systems from penetration through any office or home computer or electronic device used by a firm for communication.