When asked why he robbed banks, the infamous Willie Sutton allegedly responded, "Because that's where the money is." If asked why they target law firms, modern-day cybercriminals might respond similarly: "Because that's where the data is."
Law firms have considerable volumes of sensitive client data that enterprising bad actors can leverage in all manner of criminal schemes. That's true for law firms employing a single attorney and for those employing thousands around the globe. What makes law firms an even more attractive target for hackers is that many possess the financial wherewithal to pay the ransoms demanded by criminals to regain control of their stolen data.
While law firms may hope to avoid a major cyberattack, statistics from multiple sources create a gloomy picture of what the future might hold. The Ninth Annual Cost of Cybercrime Study, conducted by the Ponemon Institute and Accenture, found that the average annual cost of cybercrime for the 355 companies surveyed grew by 29% in the United States in 2018, to a total of $27.4 million. And the American Bar Association's 2019 Legal Technology Survey Report noted that 26% of firms surveyed had experienced some form of security breach.
Ransomware Attack on High-Profile Firm Puts Spotlight on Law Firm Cybersecurity
A recent attack against Grubman Shire Meiselas & Sacks, a well-known Midtown Manhattan firm that provides legal services to the entertainment and media industries, vividly illustrates what can happen when a determined group of cybercriminals sets its sights on a law firm that possesses a treasure trove of sensitive data.
The attack is rumored to involve a hacking group that previously obtained a $2.3 million ransom payment from a UK firm, using their REvil ransomware. A particularly damaging form of attack, ransomware blocks access to an organization's computer systems until a ransom is paid. Meanwhile, the hackers can grab data, which they can threaten to release if the ransom demand isn’t met.
Details remain sparse regarding how the hackers gained access to Grubman's data. The firm acknowledged the attack in May 2020, disclosing that the theft involved 756 gigabytes of data. Just one gigabyte of data can store about 65,000 pages of Microsoft Word, so this breach represents a massive amount of data.
The bad actors involved initially demanded a ransom of $21 million, which was later doubled to $42 million.
To exert pressure, they leaked information involving Lady Gaga, who is a client of the law firm. They've also threatened to release information involving other celebrities, including Madonna. While President Trump was rumored to be a former client, Grubman has denied this to be true.
At this point, the hackers claim they have received $365,000 from the firm so far.
How Did the Attack Succeed?
Until the law firm releases information on how the attack succeeded, we can only speculate as to how it unfolded. But the attackers have in the past used several attack vectors to deliver REvil, including spam emails with an infected Word document attached. Because email is the most common delivery method of ransomware, for now we can assume that the infection entered the law firm's IT environment using this approach.
What Will Happen Next?
The firm said in a statement that the attack took place despite the firm's "substantial investment in state-of-the-art technology security." While the hackers' claim to have received some ransom money, the firm noted that “negotiating with or paying ransom to terrorists is a violation of federal criminal law" and that "even when enormous ransoms have been paid, the criminals often leak the documents anyway."
Grubman has reportedly hired a team of experts to work around the clock. What the next move will be is still unclear.
How Could It Have Been Prevented?
While we do not know for certain how REvil infected the firm's systems, we do know that defending against ransomware—or any form of cyberthreat or cyberattack for that matter—requires a multi-pronged approach that aligns people, processes, and technology in a seamless defense. With access to expert cybersecurity analysts, a robust security information and event management system, and continuous monitoring around the clock, law firms can improve their security operations and their ability to defend client and firm data.
Given the unrelenting growth in cyberattacks, coupled with the attractiveness of the legal sector for cybercriminals, it is imperative that law firms have strong cybersecurity protections in place to deal with attacks that at this point seem inevitable.
Learn how Arctic Wolf keeps law firms safe and secure.