The Zen of Work: Ransomware

Ransomware

With “Holly” on a mission to take control of her work situation – aiming to instil a feeling of Zen in her workspace – she has come to us seeking answers. 

And we are happy to oblige Holly. As always.

After recently learning what “data” and “data management” entail as well as the importance of backing-up her data, Holly has now discovered a very sobering fact – cyber security and ransomware is on the increase!

She read a little about cybersecurity in AJS’s article The Top 7 Legal Tech Trends for 2022, but she honestly didn’t realise how prevalent ransomware is or how important having top-notch cybersecurity is (she should have known this though).

Holly suddenly finds herself feeling quite distressed (yet again) and in desperate need of advice.

Fear not Holly, we got you!

What is ransomware?

According to Norton, ransomware is defined as –

“Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data. Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it. Ransomware, as it is known, now scores high profile victims like hospitals, public schools and police department’s”.

And its prevalence has increased significantly over the last few years. In the article Ransomware in 2022: We’re all screwed, they said the following about ransomware –

“Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains.

Ransomware infection is no longer an end goal of a cyberattack. Instead, malware families in this arena — including WannaCry, NotPetya, Ryuk, Cerber, and Cryptolocker — can be one component of attacks designed to elicit a blackmail payment from a victim organization”.

The European Union Agency for Cybersecurity (ENISA) have said that there was a 150% rise in ransomware attacks between April 2020 and July 2021. According to the agency, we are experiencing the “golden era of ransomware” and there are fears that despite the problem of ransomware attracting the attention of world leaders, the problem will get far worse before it gets better.

Ransomware is thus the most significant cybersecurity threat facing businesses today. Professional cyber criminals (aka “hackers”) have become far more sophisticated in order to maximise the amount of money that can be made from cyber-attacks. It’s likely that the success of ransomware campaigns will only encourage more hackers to get involved with ransomware, particularly when it comes to hands-on operations that can cripple an entire network.

How does ransomware work?

Hackers trigger a ransomware attack by secretly compromising networks (often via phishing attacks, compromising cloud services, or exploiting vulnerabilities) before installing file-encrypting malware across as many systems as possible. Victims are locked out of files and servers and the cyber criminals demand a ransom payment (often to be made in cryptocurrency) in exchange for the decryption key. In many cases, the victim pays just to get their systems under their control and their businesses operational once again. But that payment only serves to fuel the ransomware industry.

Unfortunately, attacks against law firms are also on the rise. Hackers realise that the confidential nature of law firm data can help them extort large ransoms from victims who want to quickly and quietly regain control of their networks.

What can and what shouldn’t Holly do about ransomware?

Defending against ransomware is a two-prong process that starts with developing a strong information governance program to prevent an attack from succeeding and having the right threat intelligence and tech in place to prevent cybersecurity attacks.

According to Norton (an anti-virus or anti-malware software product) here are some (relevant) important do’s and don’ts when it comes to ransomware –

1. “Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
2. Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your co-workers receive suspicious calls.
4. Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
5. Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
6. Do make sure that all systems and software are up-to-date with relevant patches. Regular patching of vulnerable software is necessary to help prevent infection.
7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. If offered, make sure you know how to connect to the company’s Virtual Private Network (VPN).
8. When backing up to cloud services, be sure to talk to your IT department first, for a list of acceptable cloud solutions”.
9. A Helpful Hint from AJS – to properly protect your software and valuable data from Ransomware and cyber-attacks, it is advisable to work together with a reputable data centre, such as Teraco Data Environments together with a reliable software provider, such as AJS (an ideal combination).

Work Zen is within reach

By approaching your service provider, like AJS, you can easily achieve a state of Work Zen in no time. By using your software package for what it is actually meant for (which is not just legal accounting) you can approach each day with a Zen-like peace knowing that everything is perfectly in its place. That everything is being managed and that all is fine.

Because you have the support and back-up to ensure that is the case.

There are a lot of attorneys who have the software packages in place but are just not sure how to fully use them, what everything does and how they can optimise their practice to ensure that it is performing with accuracy and reliability.

But, with the help of AJS, your practice (regardless of its size) can (and will) succeed.

We will continue going through tips, answering your FAQ’s, and providing you with information that will better equip the everyday user of legal tech, like you and like Holly, to achieve a state of Work Zen.

It’s all easy. If you know how… Just ask us.