
4 Reasons Law Firms Are Targeted For Ransomware Attacks

Chaz Hager November 17 2021

The largest law firm in the world, DLA Piper, underwent a ransomware attack that cost them $300 in bitcoin. But the greater cost came from the 15,000 hours of overtime the firm's IT department put in after the fact.

Ransomware attacks occur when hackers install malicious software on a company's computers. The hackers then hold your business systems for ransom. Firms have to pay the hackers' price to recover their assets. 

Unfortunately, ransomware attacks are on the rise, and even law firms aren't safe. A cybercrime targeting your firm can be the difference between healthy revenues and a year in the red. 

So, why do hackers target law firms? Keep reading for the top four reasons and stick around to learn what you can do to prevent a breach at your firm.

1. Law Firms Have Sensitive Data

Law firms and outside counsel for big businesses keep highly sensitive information on their servers. A hacker can get anything from a company's technical secrets to their business strategies all on one server.

With all that sensitive data, law firms have a lot to lose during a cybersecurity breach. And that makes businesses more likely to pay. 

2. Law Firms Have a Lot of Data

It's not just law firms' sensitive data that attracts ransomware attackers. Law firms also have a lot of sensitive documents. And unlike with big business hacks, attackers have to sort through fewer useless documents to hit gold.

That means if the hacker plans to sell off your information, odds are they'll have many interested bidders. 

3. Law Firms Have the Means to Pay

The average ransomware payment demand is on the rise. Researchers report a 356% YOY increase in the average ransom. Payments jumped from an average of less than $50,000 in Q2 2020 to over $178,000 in Q2 2021. 

Meanwhile, the average gross revenue of US firms is over $104 billion. Hackers know this fact, and they target you because they know you can pay. 

4. Law Firms Have Enemies

Law firms work with inventors, criminals, and enemies of the state. So, it should be no wonder that the enemies of law firms and their clients hire hackers to perform ransomware attacks. 

For example, a California law firm reported a ransomware attack that originated from China. And these attacks started rolling in mere days after the firm filed a lawsuit against several powerful Chinese corporations.

Awesome. So now what?

What Happens If There's a Breach at Your Firm?

Say your firm does experience a malicious software hack. What comes next? Keep reading for some of the latest laws and regulations around cybercrimes like ransomware attacks. 

You Must Notify Your Clients

If a ransomware attack leads to the misappropriation, destruction, or general compromise of a client's confidential information, the American Bar Association requires you to notify that client.

This requirement mostly applies to current clients. However, if a previous client requested to be notified in case of a breach of their confidential information, you're also required to notify former clients. 

Further, law firms must keep clients "reasonably informed" about the status of their confidential data. 



Paying Ransom Could Be Illegal

In October 2020, the US Office of Foreign Assets Control (OFAC) advised that paying a ransomware ransom could be a crime.

Why? Because the US may consider paying cybercriminals a threat to national security. The US could also consider paying cybercriminals living in certain countries a breach of US trade sanctions. 

If you don't pay the ransom, though, you're often stuck with one option: to replace all the servers in your facility. That can cost a fortune and bring on lawsuits from clients whose privacy was compromised during the attack.

How to Protect Your Law Firm from Ransomware Attacks

Cybercriminals are probably here to stay. That's why the key to protecting your law firm from ransomware attacks is to prevent them from happening in the first place. 

Here are some tips for doing just that. 

1. Conduct Regular Audits

Your IT team and any third-party IT providers should conduct regular cybersecurity audits to identify potential threats. In fact, client requests for security audits as a condition of hiring a law firm are on the rise. 

2. Train Employees

The first line of defense against ransomware attacks is to train your employees to look out for them.

Ransomware attacks commonly come in the form of phishing emails and other suspicious links. An ongoing training program for all of your firm's employees can help prevent an attack altogether. 

3. Purchase a Cybersecurity Insurance Policy

A cybersecurity insurance policy can help mitigate losses during a ransomware attack. A liability insurance policy won't prevent the attack from happening. But it can help your firm recoup any financial losses after the fact.

Choose the Right IT Partner for Your Law Firm

Did you know that law firms with fewer than 20 employees are two times more likely to fall victim to a cyber attack than larger firms? Smaller firms are less likely to have robust security systems in place.

Here's the good news: a managed IT service provider like Northriver can help protect your law firm, no matter how big or small. 

As a law firm, you have tons of sensitive documents stored on your servers. These documents can look like a gold mine to ransomware attackers, especially since hackers know your company has the means to pay a ransom.

Are you tired of stressing about falling victim to cybercrimes? Let Northriver IT do the heavy lifting for you. Call Northriver IT today to find out how we can help protect your law firm.
