Law firm hit by ransomware sues its insurer for $700k

Moses Afonso Ryan (MAR), a law firm based in Rhode Island, is suing its insurer over a denial of coverage after a ransomware attack locked down the 10-lawyer firm’s computer files for three months.

According to the firm’s suit, the attack cost MAR more than $700,000 in lost business. It claims that Sentinel Insurance breached its contract by refusing to pay out for what it calls a “business income interruption,” which is covered in the firm’s policy.

Botched ransom

MAR’s computers became infected with a ransomware virus in May 2015, when an attorney at the firm opened an email attachment from “an unknown source.” MAR was then quickly “locked out of its documents” and lost virtually all access to its computers.

After cybersecurity experts, hired to return the firm’s computers to operation, failed to remove the ransomware, MAR made contact with the perpetrators of the attack and agreed to pay a ransom of 13 bitcoins (worth around $7,000 at the time).

However, because MAR didn’t have an existing Bitcoin account, and the currency could only be purchased at a rate of two coins a day, the firm had to wait a week to make the payment. After doing so, MAR was given decryption tools that, by July, its computer experts realized weren’t working.

MAR then contacted the criminals again, negotiated a second ransom, accumulated the necessary bitcoins, and eventually gained access to decryption tools that recovered the majority of the firm’s information. However, it was unable to recover data stored on a temporary server that it used in the three months that its systems were down.

The firm said that it paid a total of $25,000 in ransom.

Attacks on law firms

Unfortunately, attacks like these on law firms are all too common. Brian Levine, senior counsel at the Department of Justice’s Computer Crime and Intellectual Property Section, believes law firms are perceived as softer targets than other industries.

In 2016, more than 50 law firms were targeted by a spear phishing campaign conducted by a group known as Oleras. The group targeted some of the best-known US law firms, aiming to gather information that could be used for insider trading.

Similarly, a phishing campaign targeted Florida State Bar members last May. The emails’ subject line was “Florida Bar Association Past Due Invoice.” The scam then spread to lawyers in Nevada, California, Georgia, and Alabama.

Recognize phishing emails

Knowing how to spot phishing emails is a crucial skill in protecting yourself and your business from ransomware. A study by PhishMe found that people are 20% less likely to click on a link in a phishing email after falling for a simulation just once. With more comprehensive training in recognizing phishing emails, that number would surely drop even further.

If you enroll your staff on IT Governance’s Phishing Staff Awareness course, you can show them how to recognize and respond to phishing attacks, and what happens when they fall victim.

Find out more about our Phishing Staff Awareness course >>