Bringing cybersecurity globally to critical and complex key activities
Understanding the cyber threat:
Organizations in the Legal industry, such as law firms, are increasingly relying on IT for many of their critical operations. Besides, the very nature of this industry makes them prime candidates for ransomware attacks, as they handle large volumes of sensitive data (confidential information related to mergers and acquisitions, documents under professional secrecy) that threat actors perceive as valuable. This combination of factors opens the door to cyberattacks by groups with primarily financial objectives.
The nature of cyber-extortion has changed in recent years, from an ecosystem dominated by the use of ransomware as both a data encryption and ransom negotiation tool to an environment where operators use various blackmail techniques, sometimes not even encrypting the data. This new tactic, often referred as double-extortion reflects a reality : for some companies, the possibility of having their sensitive data published is a greater risk than having their servers paralyzed. This observation applies to companies in the legal sector for two main reasons.
First, a law company whose name and sensitive documents were leaked by a cyber-extortion gang will suffer from reputational damage as clients will move away from the firm. A law company loses on average 5% of their clients after a data breach.
Second, for European firms, the provisions of the GDPR (General Data Protection Regulation) provides for fines up to 4% of the company’s turnover in case of dissemination of confidential content.
Despite the uncertainty of negotiating with cybercriminals, those elements may explain why some law firms decide to pay the ransom.
Despite the uncertainty of negotiating with cybercriminals, those elements may explain why some law firms decide to pay the ransom.
From Q1 2020 to Q1 2021, ransomware attacks targeting the legal services sector increased by 967%, from 3 reported organizations to 32.
In a survey conducted in April 2021, with the participation of 1,263 professionals from different countries, 50% of legal businesses were forced to lay off employees after falling to a ransomware attack. It accounts for the highest rate across all industries, followed by Retail (48%) and Automotive (42%).
Other Figures:
• The sending of malicious attachment was multiplied by 7 due to COVID 19.
• The average ransom payed by legal companies increased from $5,000 in 2018 to $200,000 in 2021
While the majority of the major ransomware operators have already successfully exploited a legal-related organization, the REvil/ Sodinokibi group of operators topped the list (Figure 2). Ransomware operators DarkSide and NetWalker follow with double-digit victim numbers in the legal sector.
In May 2020, the entertainement law firm Grubman Shire Meiselas & Sacks was hit by a ransomware attack.
Revil/Sodinokibi operators initially demanded a ransom of $21 million, which they doubled to $42 million after the law firm refused to pay the initial amount. Sodinokibi went on to leak the purported data of 12 clients of Grubman, Shire, Meiselas, & Sacks by posting it to their auction page in a failed attempt to push the firm to pay the ransom.
The notorious REvil hacker group, believed to be from Eastern Europe, stole private emails, contracts and personal information from the New York-based law firm.
