The rise of Ransomware attacks within the Legal industry

In this Article
Reading Time:
Posted: 27th November 2023 by
Courtney Evans
Share this article

The cyber threat of ransomware to law firms is increasing each year, be aware and prevent the risk before it’s too late.

Law firms are popular victims of this cybersecurity threat due to the high volume of sensitive data they hold. Data collected from Black Fog, a data protection site, found that the increase of ransomware attacks was up to 49% in the first six months of 2022 and is believed to be on a continuous rise. They reported that the legal sector accounts for 2.3% of all ransomware attacks making it the fourth most attacked industry in the UK in 2022 with an expected rise to come. The USA experienced the largest amount of attacks in 2022, with thirty-six incidents that were publicized, following this was with seven attacks. Ransomware has been so successful that the demand prices are increasing, further financially damaging a company.

If a company decides to pay the ransom it could face a severe asset freeze from the government as this is seen as funding criminal activity leaving the victim with a high-risk decision to make.

There are different forms of Ransomware with different levels of risk, the most well-known being crypto-ransomware. The files become locked and the content is inaccessible to the company without the decryption key. Having sensitive data within the files creates a temptation to give in to the threat as the legal industry has a commitment to hold confidential files for various clients and businesses. Lockers is a form of Ransomware that locks the company out of its system displaying a lock screen to present the ransom demand, often with a countdown to intensify the situation. Scareware is fake software claiming to have detected a virus and points you to pay to resolve the problem. This can be in the form of locking the computer or a mass influx of pop-up alerts on the screen.

The legal industry is no longer safe and ransomware gangs do not discriminate based on the size of the company or revenue generated leaving anyone vulnerable. Those with £100 million were targeted equally as much as those with less than £3 million in revenue. Small companies often lack the resources necessary to prevent these strikes leaving them in danger. Larger companies are most likely to carry a high number of sensitive files and likewise have the means to pay the ransom sum.

The personal data held by all legal firms is appealing to these criminal organisations causing an increase in attacks. This threat means one thing for the legal industry, the need for sophisticated security is becoming a priority.

Law firms who have experienced an attack

There are many reported incidents of ransomware, and not all lead to data being recovered. These gangs are ruthless and intelligent. There is also confidence in their threats receiving attention, leading to an increased monetary demand.

  1. In 2020 Grubman Shire Meiselas & Sacks offering legal services to the entertainment and media industries was faced with a severe threat from a ransomware gang. The group initially demanded $21 million, which was quickly doubled. The legal firm represents many celebrities, which the ransomware gang used to their advantage by leaking information about Lady Gaga. The FBI advised Grubman Shire Meiselas & Sacks not to pay anything at all and eventually, they did recover a majority of the data however some remains lost and the risk of it being publicized continues.
  2. In 2023 HWL Ebsworth, which is one of Australia’s largest law firms, was greatly damaged by a ransomware gang targeting them. HWL Ebsworth represents Australia’s largest bank as well as the federal government making them desirable to gangs. The breach was disclosed to the public by the gang themselves stating they had access to over 4TB of data. According to ABC News a portion of this data was published at a later date with the message: ‘Enjoy!!!’ The law firm has now lost to the gang but is steadfast in its moral duties to the community and so will not submit to the ransom as to not condone the criminal activity that is taking place.

Preventative measures that need to be taken

Preventing these attacks is much more effective than trying to respond to an attack once it has taken hold of the software. Once they have made their way into the network, the damage has been done and you are in a vulnerable position at the mercy of the cyberthief. The options are limited, either allowing the data to be stolen or compromising the integrity of the business and client information. Or paying the ransom to restore data, leading to legal consequences. Make sure security measures are in place to protect your files and your clients.

  • Conducting an audit of the firm's IT security and securing an insurance policy for cybersecurity.
  • Installing antivirus software is a simple and effective way to secure data along with securing backup files keeping copies on the cloud or a hard drive so they can be accessed at all times.
  • Enabling firewalls will add an additional level of security allowing this to filter through any suspicious attempts into your network.
  • Enabling a zero-trust security may sound severe, but this will ensure that any access into the network has had their identity verified including external as well as internal attempts. Systems will be restricted to only authorised devices reducing the risk of outsider strikes.

Dealing with Ransomware and your legal responsibilities

In May 2019, the UK enforced financial sanctions under the Cyber sanctions regime. The aim here was to prevent cyber activity which would undermine national security. The person imposing the breach will face asset freezes and travel bans, causing any money that was attained from ransomware to be inaccessible to the criminal organisation.

When dealing with an act of ransomware, the first step should be to report it to the Action Fraud centre. The HMG will carefully investigate whether the incident was reported particularly If ransomware payments were made. If the investigation finds the payment was made for the best interest of the public it would lie with the prosecuting authorities to determine whether prosecution was required.

The government discourages paying the ransomware as it threatens security, encourages criminals to repeat the act, and it does not guarantee that attackers will allow the company to restore data as 20% of organisations who paid the ransom could not recover their files.

The legal industry is at high risk from these ransomware attacks which are only increasing, make sure files are protected and software is secure to reduce the risk of being their next victim.


About the Author

Courtney Evans
Courtney studied English Literature and Creative Writing at University and is the Editorial Assistant for Lawyer Monthly, Finance Monthly and CEO Today writing articles for all three publications. Courtney is an experienced writer who enjoys researching for the articles. When she’s not working, Courtney can be found planning her next budget friendly trip and trying to tick off new experiences on her ever-growing bucket list.
Connect with LM
Lawyer Monthly: The Briefing
Subscribe to Lawyer Monthly Magazine Today to receive all of the latest news from the world of Law.

About Lawyer Monthly

Lawyer Monthly is a news website and monthly legal publication with content that is entirely defined by the significant legal news from around the world.