Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Shutts & Bowen Successfully Defends Itself Against Ransomware

May 24, 2017

Legaltech news (sub. req.) reported that, last week, the Florida law firm of Shutts & Bowen successfully defended itself against the ransomware WannaCry before it encrypted any of the firm's data. In and of itself, this is not remarkable. Law firms are increasingly striving to protect their confidential data and to assure their clients that they have done so. Shutts & Bowen is a Florida law firm of more than 270 attorneys, according to its website.

As the firm notes, it has technology in place where spear phishing attacks are almost always quarantined by its technology. Since we know now that WannaCry was a worm, it must have had other measures in place to protect against WannaCry.

The specifics are less important than the firm's obvious focus on cybersecurity. Last year, Shutts hired a full-time cybersecurity expert and joined the Legal Services Information Sharing and Analysis Organization, or LS-ISAO, which shares information about cyber threats among member law firms.

The firm hired a cybersecurity consulting company to carry out a cyberattack to reveal vulnerabilities at the firm. At firm offices, the company dropped USB drives with labels such as "associates salaries" and "payroll." But the USBs held a program that, when plugged in, would alert the consultant that it had infected the system. In our parlance, this is called "baiting" – and it is remarkable how many people fall for it.

The company also conducted mock spear phishing attacks. The consulting firm sent an e-mail purporting to be from a managing partner to a specific person in payroll requesting a list of all the firm's W2s. While no one fell for the "dropped" USBs (employees turned them in), the W2 e-mail almost worked, and a few click-on-the-link mock virus attacks got through. The firm later used the findings of the mock attack in firm-wide employee training sessions. And, laudably, the firm does these trainings annually.

Larger firms like this one are increasingly turning to the sort of measures described in the article – now we need to "spread the gospel" to smaller firms.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Shutts & Bowen Successfully Defends Itself Against Ransomware

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer