While law firms had not previously been a major target for hackers, explains Shmuel Gihon, a threat intelligence researcher at cybersecurity firm Cyberint, cybercriminals have now targeted dozens in the first three months of this year.
“People need to be prepared for this. Especially organizations that are considered to be relatively wealthy, like a large law firm. They will be targeted, and it’s not a question of if, but when,” says Professor Alan Woodward, an expert in cyber security from the University of Surrey.
According to Professor Woodward, criminals make hundreds of millions of pounds every year by installing software on company computers to steal data and blackmail executives. He warns that companies paying after these so-called ransomware attacks are making the problem worse.
“Hackers are trying to extort companies by threatening to make data public. And it’s becoming more and more common for people to pay sadly. But people shouldn’t pay. If you pay them, you’re encouraging it and we’re funding.” crime,” he says.
“They also put you on a sucker list that’s also put on the dark web and other criminals come back for more money. And insurers are much less willing to pay. Sometimes it’s like finding out someone was robbed when their front door was open”.
Ince Group was quick to obtain a court order to deter attackers from leaking their data online after it was hacked.
In a ruling issued last week, Judge Saini said it was a “clear case of blackmail.” The hackers were the defendants in the case, but were not notified for fear they would leak the law firm’s data before a trial.
Judge Saini said: “It is clear from the present evidence that the defendant is motivated by money and has threatened to harm the Plaintiff through a form of blackmail.”
Ince Group has also appointed IT experts to advise on the next steps. A spokesperson said: “In our efforts to try to do everything we can to prevent potentially copied data from being published, the High Court has granted us an injunction blocking the use, publication or disclosure of any data taken from our systems by the responsible criminals.
“If they choose to do so, they can be held in contempt of court and jailed, fined, or have their assets confiscated. This also allows us to request that the data be removed from any site it may be posted on.”
Professor Woodward cautions, however, that an injunction would do little to deter such criminals and that companies should instead focus their efforts on preventing attacks.
“The problem is that these people are criminals working across international borders, so the warrant probably doesn’t mean anything,” he says.
“These are criminals, they don’t care if their activity is illegal or not. The fact that a court says they can’t release this data won’t stop them. They have no conscience.”
Cyberint’s Gihon agrees. “A court order will have little to no impact on the way events unfold now. In the case of these types of attacks, if the ransom is not paid, the data will usually be leaked to criminal forums on the Darknet,” he explains.
“Any business in the city that finds itself in a similar situation being blackmailed or targeted by a ransomware attack should immediately deploy sophisticated threat intelligence to gain a good understanding of the attackers and, ideally, uncover their identities.”
He argues that companies should educate staff on how to avoid opening links and attachments that can install ransomware, and warns that senior executives are particularly vulnerable to attack due to a combination of “ignorance and arrogance.”
“They always think it won’t happen to them, which is why ‘phishing’ attacks later became what people call ‘whaling.’ Attackers have realized that bigwigs are more likely to of an organization to fall for it. And it’s a combination of ignorance and arrogance, they just think that people would never attack them,” he says.
But with so much money at stake, executives may need to wake up to reality to avoid becoming entangled in the web of hackers.