“Small and Midsize Law Firms Slammed by Ransomware” by Sharon Nelson and John Simek was recently featured in Slaw Magazine. Slaw is a Canadian online legal magazine.
A Warning for Law Firms
The first of the quarterly 2021 surveys appeared during April – and the news isn’t good for small and midsized law firms. Note these ominous words from Coveware, a highly regarded aggregator of global ransomware and cyber extortion data, which published the Coveware Quarterly Ransomware Report (Q1 2021):
“The most notable change in industries impacted by ransomware attacks in Q1 was the Professional Services industry, specifically law firms. Small and medium sized law firms continue to succumb to encryption ransomware and data exfiltration extortion attacks. Unfortunately, the economics of many small professional service firms do not encourage or enable adequate cyber security.”
Sobering Statistics from the First Quarter of 2021
The average ransom payment was $220,298 (+43% from Q4 2020)
The median ransom payment was $78,398 (+59% from Q4 2020)
The average number of downtime days was 23 (+10 from Q4 2020)
77% of ransomware attacks include a threat to leak the stolen data (up from 70% in Q4 2020).
Most ransomware-as-a-service (RaaS) affiliates now purchase network access (often for a nominal sum) from someone else, then use the data they can now steal to leverage payment from the victim.
And a new and disturbing trend in 2021? Attackers are taking to disrupting business after an initial attack while the firm is trying to recover – and stealing more data or relaunching ransomware.