The largest law firm in the world, DLA Piper, underwent a ransomware attack that cost them $300 in bitcoin. But the greater cost came from the 15,000 hours of overtime the firm's IT department put in after the fact.
Ransomware attacks occur when hackers install malicious software on a company's computers. The hackers then hold the company's business systems for ransom. Firms have to pay the hackers' price to recover their assets.
Unfortunately, ransomware attacks are on the rise, and even law firms aren't safe. A cybercrime targeting your firm can be the difference between healthy revenues and a year in the red.
So, why do hackers target law firms? Keep reading for the top four reasons and stick around to learn what you can do to prevent a breach at your firm.
1. Law Firms Have Sensitive Data
Law firms and outside counsel for big businesses keep highly sensitive information on their servers. A hacker can get anything from a company's technical secrets to their business strategies all on one server.
With all that sensitive data, law firms have a lot to lose during a cybersecurity breach. And that makes businesses more likely to pay.
2. Law Firms Have a Lot of Data
It's not just law firms' sensitive data that attracts ransomware attackers. Law firms also have a lot of sensitive documents. And unlike with big business hacks, attackers have to sort through fewer useless documents to hit gold.
That means if the hacker plans to sell off your information, odds are they'll have many interested bidders.
3. Law Firms Have the Means to Pay
The average ransomware payment demand is on the rise. Researchers report a 356% YOY increase in the average ransom. Payments jumped from an average of less than $50,000 in Q2 2020 to over $178,000 in Q2 2021.
Meanwhile, the average gross revenue of US firms is over $104 billion. Hackers know this fact, and they target you because they know you can pay.
4. Law Firms Have Enemies
Law firms work with inventors, criminals, and enemies of the state. So, it should be no surprise that the enemies of law firms and their clients hire hackers to perform ransomware attacks.
For example, a California law firm reported a ransomware attack that originated from China. And these attacks started rolling in mere days after the firm filed a lawsuit against several powerful Chinese corporations.
Awesome. So now what?
What Happens If There's a Breach at Your Firm?
Say your firm does experience a malicious software hack. What comes next? Keep reading for some of the latest laws and regulations around cybercrimes like ransomware attacks.
You Must Notify Your Clients
If a ransomware attack leads to the misappropriation, destruction, or general compromise of a client's confidential information, the American Bar Association requires you to notify that client.
This requirement mostly applies to current clients. However, if a previous client requested to be notified in case of a breach of their confidential information, you're also required to notify former clients.
Further, law firms must keep clients "reasonably informed" about the status of their confidential data.