August 3, 2020

Is your law practice ready for the threat from ransomware attacks?

Did you know the biggest growth in cybercrime in the UK in 2019 was in ransomware, which was up by 195% in the first half of last year?

In fact, the UK was the second most attacked country in the world.

The problem has been around for more than a decade now: the CryptoLocker attack in 2007 spread through emails infected with malware and is thought to have attacked more than 500,000 computers.

Criminals used a network of hijacked home PCs to spread the ransomware, and this network was eventually uncovered by law enforcement and internet security professionals.

Some of the more recent ransomware attacks include:


Spread throughout 150 countries in 2017, exploiting a vulnerability in Windows to lock out users and demand a Bitcoin ransom. It affected more than 30% of UK hospital trusts and cost the NHS more than £92 million. Worldwide, it is estimated to have cost $4 billion in financial losses.

Bad Rabbit

Targeted insecure websites in 2017, getting unsuspecting users to click on something which installed malware. In this attack, it was a fake Adobe Flash player.


Claimed to have hijacked users’ webcams and demanded ransoms from people, threatening to make intimate images public. This attack hit in 2018 and became so widespread that it inspired the development of a decryptor by internet security companies.


First used in 2016, it encrypted entire hard drives via a fake job application email. It attacked computers’ master file tables.


This attacked more than 2,000 targets, including banks and prominent Russian oil producers. It even forced Chernobyl nuclear plant workers to check their radiation levels manually because they were locked out of their PCs.


This deleted more and more files as the hours ticked by and a ransom wasn’t paid. It started in 2016.

Why is ransomware so dangerous for law firms?

There are serious implications for any law firm which suffers a ransomware attack.

Under the General Data Protection Regulation (GDPR), a firm must inform the relevant authority of any data breach, which in the UK is the Information Commissioner’s Office, and it may face investigation. In the case of serious breaches, law firms must also inform the data holders themselves.

For any legal practice, this would be a huge blow to their operations and the reputation of the firm.

Law firms often hold sensitive information about clients, such as financial and medical records, and records of criminal convictions. Data thieves could use the information to blackmail those clients.

It is likely that this data would be deemed ‘special category’ under GDPR, which would necessitate contacting each of the data subjects directly.

So, what can your law firm do to ensure it doesn’t become a ransomware victim?

  1. Maintain good network security – Segment your networks, keep anti-malware software up to date, patch known vulnerabilities quickly, and educate your staff about the threats from Trojans in suspicious links in emails and text messages.
  2. Have good data management – Destroy all unneeded data securely, whether that’s shredding documents or destroying old hard drives when computers are upgraded.
  3. Have a rigorous backup regime – Keep copies of critical data locally and in the cloud, and back up regularly. You can then restore systems from a clean backup.

Don't fall victim to ransomware.

Do you need expert advice on your law firm's network security? Contact us today.

Copyright © 2020 Jötnar Systems. Jötnar Systems is a trading name of Jotnar Systems Ltd registered in England & Wales with company number 11982020.