A man sits at a desk looking at a computer screen.
Learn Why Organizations are Switching to NetDocuments.

Prevent Ransomware Attacks to Your Law Firm


Back in the day, keeping your law firm secure was mostly about putting important files under lock and key. A security breach meant an actual physical intruder or theft.

Now, law firm security is far more complex. There are more types of threats to consider — from phishing attacks to digital eavesdropping to botnet attacks. Not only are there significantly more bad actors on the scene, but they can infiltrate your firm’s confidential documents and critical data from anywhere in the world. And they could have hundreds or even thousands of potential entry points through your team’s various app accounts and devices.

To help your firm stay secure, it’s important to understand the types of ransomware variants you’re up against. One of the primary cyberattacks against law firms today is ransomware. Here we’ll walk through what ransomware is, where it comes from, the risks for your firm, and tips and resources you can implement to help prevent ransomware attacks.

Ransomware 101: How Does Ransomware work?

Ransomware is a type of malware designed to hold a victim’s data hostage until an untraceable extortion is paid. This can be accomplished by locking users out of their desktop, laptop, or mobile devices, or by identifying data storage drives on the infected system and encrypting files within each drive. (In other words, your documents and data become completely unreadable unless you have the correct cryptographic key.)

The scariest part is that it doesn’t stop there.

Most ransomware attacks go undetected until after the damage is done. If you don’t have the right preventive measures in place, the initial ransomware infection can quickly hitch a ride to every shared device or file that was accessible from the original computer.

Of course, even when the victim pays up, there’s no guarantee the cybercriminals will actually decrypt the data. In fact, many go on to extort more payments from the victim using threats to expose sensitive data or sell it on the dark web.

Where Does Ransomware Come From?

Law firm ransomware attacks take countless forms and exploit a constantly evolving mix of hardware, software, and human vulnerabilities. Some of the more infamous ransomware varieties you may have heard of include locky, cryptolocker, petya, or wannacry and they all make infected data useless or inaccessible.

The most common attack vectors for ransomware are when an unsuspecting member of your team opens a phishing email or downloads a file from malicious software. But who’s behind it?

The truth is ransomware attacks can come from a single bad actor in search of bragging rights — the way a vandal might choose a car at random to steal or slash a tire. Often, however, these attacks are more organized, sinister, and deliberately targeted. After all, if the hacker is going to go to all the trouble of initiating an attack, they want to ensure their target can actually pay out.

Who is at Risk to Receive Ransomware Attacks?

You don’t have to be a mega-corporation with incredibly deep pockets to be a target for ransomware.

The Ohio State Bar reported almost 25% of ransomware attacks target professional services firms, especially small and midsize law firms, and the average ransom payment was more than $220,000. This may be due to SMBs underestimating their risk and failing to take the proper precautions against ransomware and other security threats.

And we’re all familiar with the high-profile attacks against larger firms over the last five years.

There’s no question that law firms can be a particularly tempting target — not just because of the money, but because of the sensitive client and matter information they possess.

The Growing Risk of Ransomware

In 2020, the ABA Journal reported on two small law firms whose data was attacked by the hacking group Maze. In past incidents, Maze has ransomed similar attacks for more than $1 million — dramatically impacting the growth of their victims.

In light of these attacks, it’s clear that if you haven’t experienced a ransomware attack yet, the odds are that your turn is coming, and the risk goes up every year. The Joint Cybersecurity Advisory reported 2021 trends show an increased globalized threat of ransomware, and they observed incidents involving ransomware against 14 of 16 of the US critical infrastructure sectors.

Put simply, you should think of a law firm data security breach in terms of when, not if.

The combined impact of these kinds of cybercrimes is mind-blowing, with losses running into the billions. The disruptions hit just about every sector you can think of, sometimes disabling vital systems that sustain law firms, financial institutions, hospitals, airlines, and even critical infrastructure networks.

Implement Ransomware Prevention Strategies at Your Firm

There are many ways you can help prevent — and mitigate the effects of — ransomware attacks against your law firm. The more precautions you can implement, the better off you’ll be. Here are eight steps you can take.

1. Perform a ransomware risk assessment and plan for disaster recovery.

Make sure you have written data protection, disaster recovery, and incident response plans in place. It’s also important to share them widely in your organization so that everyone understands their role in protecting your data. Ensure buy-in from top leadership because this is a business decision, not just an IT decision. Regular phishing and attack surface tests are very effective tools to raise awareness and vigilance.

2. Use multifactor authentication and robust password management.

Ransomware attacks often start with phishing, where the attacker will gain access to the network by stealing a legitimate user’s password. Reduce the risk of phishing by using both multifactor authentication (MFA) and password management tools.

MFA requires at least two forms of verification for a user to gain entry to the system — for example, a correct password and a push notification or call to the user’s mobile phone. Password management tools can enforce sufficiently complex passwords, regular password updates, and other security best practices that will limit opportunities for bad actors to access the system.

3. Ensure your software and security patches are current across all applications.

Ransomware protection isn’t a one-and-done activity. Cyber threats evolve rapidly to get ahead of new security measures, and new vulnerabilities will open up with shifting user habits and as you adopt new hardware and software. It’s important to keep your apps updated so you’re protected against the latest threats and vulnerabilities.

4. Drive adoption of preventive software tools.

Follow a rigorous IT process for installing antivirus software, email filtering features, and anti-malware applications, and be sure to keep your operating system up to date. Even the most powerful security tools are no good if your people don’t adopt them — so train, train, train. And implement measures that are “invisible” and seamless for users.

5. Perform frequent systemwide backups.

There are business continuity software platforms that can help you recover from a ransomware attack by restoring your systems to the last known safe state before the attack took place. The best ones allow flexible physical and virtual restoration.

6. Keep your data backups physically separate.

If your backup files are accessible from your daily operating platform, chances increase that they can become infected when your endpoints “phone home” to upload new versions. Separate storage appliances are widely available at a variety of price points.

7. Stay informed about the latest ransomware threats.

The FBI, the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA) all publish regular reports and updates on new trends and vulnerabilities to watch out for. You can subscribe to authoritative newsletters and adjust your protection plans regularly.

You should also ensure the teams behind your most important apps and platforms are vigilant about recognizing and responding to new security threats. It takes reliable partners to help keep your data safe and secure. Learn how NetDocuments helps law firms meet — and exceed — security and governance requirements.

8. Provide phishing training to help your team avoid attacks.

Your team members might not be fooled by a classic “Nigerian Prince” scam email, but malicious emails and other cyberattacks are growing far more sophisticated. Provide ongoing security awareness training that covers common phishing techniques so your team can stay savvy to recognize potential threats and know what to do when they encounter one.

A Strong Approach

The most important thing you can do for your firm is to stay vigilant and stick relentlessly to common sense best practices. Taking preventive measures and increasing awareness will ensure you’re prepared for today’s never-ending data protection battle.

How NetDocuments Can Help

The NetDocuments platform is designed to help you gain control of your documents, emails, and discussions. While your data is within our platform, our award-winning security solution provides a flexible and robust framework that can help protect you from ransomware attacks. Want to learn more? Schedule a demo today!

Get more tips on how to prevent a data breach by watching this free, on-demand webinar.

"Great company, great products, great leadership, great people, great culture!"
"I love my team and peers. We are family, and we respect each other."
"NetDocuments encourages a good work/family balance."
"I feel respected and valued by leadership and my team."
"We work together and support/encourage each other to do our best work every day."
"From start to finish, my leaders are willing to guide me and let me try new things. This keeps work fresh, exciting, and fun so I don't burn out or get bored."
"I have clear direction in my work tasks and priorities. I also feel encouraged to put my family first and maintain a healthy work life balance."
"I work with highly motivated individuals who are smart and allow me to learn from them!"
"NetDocuments is committed to exceeding customer expectations by building leading products hosted in rock-solid environments."
"I'm empowered to try new things and think through processes and campaigns strategically. I can lean on my boss for support, but I'm not micromanaged, which is appreciated."
You Might Also Be Interested In…
A white right arrow icon.
A white right arrow icon.
A white right arrow icon.