Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Coveware 2021 (Q1) Report Points to Small and Mid-sized Law Firms as Ransomware Targets

May 4, 2021

Released on April 26, the Coveware Quarterly Ransomware Report reports on trends during the first quarter of 2021.

Of particular note to law firms is the following:

The most notable change in industries impacted by ransomware attacks in Q1 was the Professional Services industry, specifically law firms. Small and medium sized law firms continue to succumb to encryption ransomware and data exfiltration extortion attacks. Unfortunately, the economics of many small professional service firms do not encourage or enable adequate cyber security.

For example, many law firms are structured as limited partnerships for tax purposes. This means the firm pays out all its profit to the partners every year. The desire to maximize profits and income to the partners can marginalize the priority of investing in cybersecurity. Another example is the third party vendor relationships of a small law firm. These firms generally do not work with major enterprises that would perform rigorous cyber risk assessments, the most basic of which would immediately surface common vulnerabilities and weaknesses that may result in a future ransomware attack. Rather, small firms tend to have equally sized clients that do not demand vendor assessments of cyber risk.”

Here are some of the first quarter stats:

  • Average ransom payment $220,298 (+43% from Q4 2020)
  • Median ransom payment $78,398 (+59% from Q4 2020)
  • Average days of downtime: 23 (+10 from Q4 2020)
  • New trend in Q1 – disrupting business after initial attack while firm is trying to recover – and stealing more data or relaunching ransomware
  • 77% of ransomware attacks include a threat to leak stolen data (up from 70% in Q4 2020)
  • Most ransomware-as-a-service (RaaS) affiliates purchase network access from someone else and use stolen data as leverage against the victim

And here are some of the assumptions Coveware believes you should make if you are a ransomware victim:

  • Data will not be credibly destroyed, but traded to others, sold, misplaced or held for a second extortion attempt.
  • Exfiltrated data was probably held by multiple parties and not secured. Any of them may have made copied for future extortion.
  • Data may be deliberately or mistakenly published before the victim can respond.

Not a super long report – well worth studying a bit. Once again, the landscape of ransomware is evolving in more dangerous ways.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email:  Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson