Law firms “more likely to pay cyber crooks” who lock their IT systems


Security: could you be locked out of your systems?

More than a quarter of law firms that fall victim to ‘ransomware’ – software used by cyber crooks to block access to computer systems – end up paying £5,000 or more to retrieve their data, according to research.

The survey, of 250 law firms and 750 other UK businesses that have had a ransomware problem, found that legal victims were more likely to pay crooks to access blocked data than those in the three other sectors polled – retail, leisure and hospitality, and banking and insurance.

The survey showed that at 88% of law firms hit by this kind of attack, systems went down for a week or more.

The effects of a ransomware attack was “almost instant” at two-thirds of firms (68%), with “data systems going from fully functional to essentially useless within seconds and minutes”.

A third of law firms (33%) lost access to their data for more than a month, while 14% said it was “unrecoverable”.

A third of firms could not estimate the overall cost to their business of the attack, describing it as ‘unquantifiable’, while 53% reckoned it had cost between £1,000 and £2,000 a day in lost revenue, due to data systems being down.

The survey was conducted by cloud service specialists Timico and data protection provider Datto.

Andrew Stuart, managing director of Datto EMEA, said law firms needed to be aware that ransomware attacks were “not usually random”.

Mr Stuart went on: “These are generally intelligent people who set up businesses to make money by targeting people. They are looking for the firms most vulnerable to this kind of attack.

“It is terrifying that on the Dark Web you can buy a ransomware business and all you need is a list of firms to target.

“Law firms are very reliant on their reputations, and more reliant than others on their IT systems because everything goes through the computer – every letter, every transaction.

“They have to keep to tight deadlines to satisfy their clients and ultimately keep their reputations. Law firms are more likely to pay out because of all these reasons.”

Mr Stuart said he suspected that some law firms had made “much higher” payments than £5,000 to ransomware crooks. “Firms don’t want their clients to know that their systems have this infection and that they are vulnerable.”

However, Mr Stuart advised law firms not to pay, saying he knew of examples where money was paid and either nothing happened or a ‘key’ was forwarded to them to unlock their systems which did not work.

He added that law firms should invest in security products which enabled fast recovery from ransomware attacks, and on educating their workforce on all types of cyber-attack.




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reports

Our latest special report, produced in association with Temple Legal Protection, looks at the role of after-the-event (ATE) insurance in commercial litigation post-LASPO. We are at a time when insurers, solicitors, clients and litigation funders work ever more closely to create funding packages that work for all of them, with conditional fee and even damages-based agreements now part of many law firms’ armoury.

Blog

24 January 2020

GDPR: Top UK law firms falling victim to human error

Nearly half (48%) of the top 150 law firms have reported data breaches since the GDPR came into force in May 2018. And, of those breaches, 41% were a result of emailing the wrong person.

Read More

Loading animation