Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Understand Your Cloud Provider’s Technology

October 28, 2019

The past couple of weeks have not been a good time for cloud provider TrialWorks. TrialWorks is a cloud-based case management system used by lawyers and law firms. On October 13th, TrialWorks notified customers that it had suffered a ransomware attack. As a result, users' data was not accessible. The details of the attack are unclear. Bleeping Computer reported that TrialWorks notified customers on October 15th (two days after the initial notice), ""Our team made significant progress throughout the day cleaning and removing any remaining system anomalies and are actively decrypting and restoring data as we speak." While some customers reported limited access on October 17th (4 days) others waited until October 22nd (9 days) before getting access.

Decrypting data would indicate payment of the ransom, but that is not consistent with another statement which said, "Although access will be disrupted as we remediate the ransomware, we maintain separate online and offline database back-ups to protect your data, and we are confident we will be able to restore data from our backup sources that were not affected." Perhaps there was also a problem with the backups? In another report, TechBento suggested a core reason for such a major impact to all of the TrialWorks customers. It can be implied that the architecture of the cloud environment was not multi-tenant. In other words, a problem with one client can move "across" and impact other clients. That's a problem especially for lawyers since they have an ethical duty to protect the confidentiality of their client's data.

There has yet to be any public notice of the ransomware attack or details of the event and recovery. Bottom line, I'm sure a lot of TrialWorks customers are not very happy. This is a good lesson when dealing with cloud providers. Ask questions about the architecture, backup strategy, security, etc. when deciding to entrust your data to someone else.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com