A new round of ransomware attacks has counted five US law firms - three in the past 24 hours - among its victims, with stolen data from two of the affected firms already being posted online. More worryingly, this published data includes some confidential client information.
According to Brett Callow, a threat analyst with Emsisoft, hackers have stolen data from at least 5 firms and used the threat of releasing it to extort payment from them. In the two cases where data has already been posted, it was published on the public Internet, where anybody can view it.
These criminals are using the so-called Maze ransomware, which was the subject of a warning issued by the FBI earlier this month. According to reports, victims of the Maze attacks have so far included an accountancy firm, a supermarket chain, and a university.
The criminals infiltrate their targets' systems by using emails with malicious attachments. The exact nature of the emails being used against law firms is unknown; however, it is reasonable to assume they are crafted so that members of the legal profession are likely to take the bait.
The M.O. of this particular group is to first name its victims on its website and, if this doesn't convince the victim to pay, to publish a small amount of the victim's data as "proof" of the seriousness of the threat.
If the victim still doesn't make payment, the remaining data is then published piece by piece.
1. Never open email attachments from unknown sources, and make sure your staff are trained to do the same. This is, by far, the most effective immediate solution to most ransomware threats - in the vast majority of cases, hackers rely on their victim clicking a link or opening a malicious email attachment.
2. Ensure all your devices are up to date with the latest security patches. It is important to install these patches as quickly as possible after they are released, as they fix security vulnerabilities that may start to become more widely known. Installing the patch makes sure that the vulnerability is closed before it can be exploited on your system.
3. Install appropriate security management software. In the long run, absolutely nothing can beat a robust security policy, involving technological solutions properly deployed across your network. These systems utilise the latest in machine learning and behavior modeling techniques, making sure your systems are protected from even the newest threats - as and when they develop.