Ransomware: The Growing Threat to Law Firms

Law firms increasingly at risk

Cyberattacks present a growing threat to legal firms. The Coveware Quarterly Ransomware Report noted that the Professional Services industry, specifically law firms, are increasingly succumbing to encryption ransomware and data exfiltration extortion attacks.

In addition, the FBI Cyber Division indicated they’d seen a 400% increase in reported cyberattacks since the beginning of the pandemic. It is believed that the rise of remote and hybrid work has led to weakened data security, making it easier for bad actors to gain access to networks.

These attacks can have many damaging effects, including operational disruption, ransom costs, lost revenue, and reputational damage. In fact, reputational damage can be the costliest of these, potentially leading to insolvency. Travelex, after reportedly paying millions in ransom at the beginning of 2020, and time lost restoring their systems, were placed in administration later that year.

Broken trust can be a huge reputational hit, substantially reducing client revenue after the financial drain associated with such an attack.

FinCEN reported that suspicious ransomware-related transactions totaling around $590 million were reported from January 2021 to June 2021. In the three years between September 2019 and September 2021, about $5.2 billion in Bitcoin was reportedly trafficked by the top 10 hacking groups.

Smaller firms are not immune

Although ransomware once targeted primarily larger organizations, The State of Ransomware 2020 by Sophos, a cybersecurity firm, found that 47% of surveyed organizations with 100-1000 employees experienced a ransomware attack, and 54% of surveyed organizations with 1001-5000 employees were hit.

Research by US cybersecurity provider Purplesec confirms that smaller businesses are in the sights of ransomware perpetrators:

• 20% of ransomware victims are small to midsize businesses
• 85% of managed service providers report ransomware as a common threat to small and midsize businesses

Law firms are not excluded from these numbers. Research from global cybersecurity firm BlueVoyant found that 100% of law firms they analyzed were targeted in attacks by threat actors and 15% of a global sample of law firms showed signs of compromised networks.

The growing incidence of ransomware as a service (RaaS) even eliminates the need for perpetrators to build the ransomware themselves. This opens the playing field to an almost infinite number of threat actors, increasing the risks for all.​

Are you protected? 

The threat to law firms is real. Reputational damage resulting from the publication of stolen, potentially compromising information about named clients can bring a law firm to its knees, whether the ransom is paid or not. And keeping an attack quiet may only add to the damage when it is discovered.

Why wonder if your firm could be targeted when you can ensure that you are adequately protected? Preventing a ransomware attack from occurring is always going to result in a better outcome.

Learn more about ransomware and how law firms are protecting their organizations from this threat by downloading our white paper, Ransomware and the Legal Profession.