“Small & Midsized Law Firms Slammed by Ransomware” by Sensei’s Sharon Nelson and John Simek was recently featured as a guest blog post on the Massachusetts Law Office Management Assistance Program’s (Mass LOMAP) blog. Mass LOMAP helps attorneys who are licensed, or soon to be licensed, in Massachusetts implement professional office practices and procedures.
With data security threats on the rise, lawyers need to stay aware and plan accordingly.
A Warning for Law Firms
The first of the quarterly 2021 surveys appeared during April – and the news isn’t good for small and midsized law firms. Note these ominous words from Coveware, a highly regarded aggregator of global ransomware and cyber extortion data, which published the Coveware Quarterly Ransomware Report (Q1 2021):
“The most notable change in industries impacted by ransomware attacks in Q1 was the Professional Services industry, specifically law firms. Small and medium sized law firms continue to succumb to encryption ransomware and data exfiltration extortion attacks. Unfortunately, the economics of many small professional service firms do not encourage or enable adequate cyber security.”
Sobering Statistics from the First Quarter of 2021
The average ransom payment was $220,298 (+43% from Q4 2020)
The median ransom payment was $78,398 (+59% from Q4 2020)
The average number of downtime days was 23 (+10 from Q4 2020)
77% of ransomware attacks include a threat to leak the stolen data (up from 70% in Q4 2020)
Most ransomware-as-a-service (RaaS) affiliates now purchase network access (often for a nominal sum) from someone else, then use the data they can now steal to leverage payment from the victim.
And a new and disturbing trend in 2021? Attackers are now disrupting business after an initial attack, while the firm is still trying to recover, and stealing more data or relaunching ransomware.