Forefront eNewsletter


Ransomware 101

Ransomware! In the legal industry, it is one of the hottest topics in cybersecurity, and it is important to understand how to limit the impact if your firm is compromised. There are numerous articles, white papers, and reports from sources such as the FBI and the Department of Homeland Security, as well as from other experts and researchers. They often raise awareness of the latest hits, who’s been affected and how, and offer tips for protection. But are you truly aware of what ransomware is, how it’s evolving, and why it is so dangerous to your thriving business? If you stay up to date at all, then you know that it is EVERYWHERE! Here, we provide you with a little “Ransomware 101,” where WAMS will run you through a crash course on the basics. No need to open up that Google tab anymore when you receive ransomware warnings and reports. We will provide you with all that you need to know and get down to the nitty gritty on ransomware and exactly why educating everyone on this topic will be highly beneficial to your firm.

Ransomware, as defined by the FBI, “is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail attachment that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised website.” To be clear, malware is software that is intended to damage or disable computers and computer systems. Probably the most unsettling aspect of ransomware today is that it is constantly evolving, with many different strains in circulation and new ones being created all the time.

There have been forms of ransomware around for the past two decades, but CryptoLocker was revolutionary. The original was shut down in 2014, but prior to its demise, hackers extorted almost $3 million from victims. A newer example of ransomware that made headlines is Locky. Locky is spread using spam, most often disguised as a scrambled invoice that prompts the target to enable macros to read the document. With the macros enabled, Locky encrypts files using AES encryption, and once encryption is finished, a bitcoin ransom is demanded. The worst part is that sometimes it will take more than one payment to recover your system. Last, but certainly not least, of the noteworthy ransomware strains is KeRanger. It was recently discovered on a popular BitTorrent client. It has not been widely distributed thus far, but it is unique in that it is known as the first fully functioning ransomware designed to lock Mac OS X applications.

Ransomware has been growing for years, but April of 2016 has been documented as the worst month to date for ransomware in the USA. Ransomware attacks can begin with an act as simple as opening or previewing an email. That’s right; opening a malicious email is the equivalent of opening the door for a criminal to take control of your data and systems in the office.

Three terms that you probably read or hear all the time are phishing, spear phishing, and whaling. These are tactics used not only to commit fraud, but also to attack your devices and infect them with ransomware. So let’s break it down and distinguish between the three. Phishing refers to simply posing as a legitimate company to fraudulently gain information. Spear phishing refers to email appearing to be from a business you know seeking important information. Whaling refers to fraud that targets high-profile end users such as C-level corporate executives, politicians, and celebrities. Whaling is the most recent trend in cybercrime and has proven very effective in the past three years, with more than 22,143 reports of whaling attacks. Your company is at higher risk of attack if you have a team page on your company website, if you have a finance department, and if your employees are shown on LinkedIn or other social media sites. A common misconception is that this will not happen to your business because your firm is small. But 70% of attacks lead to a secondary target, meaning that you could just be a stepping stone for attackers to hurt some of your largest clients. Another important fact to note is that firms and businesses under specific compliance laws, such as HIPAA or PCI, can be shut down or lose a significant amount of business due to a security breach that breaks these laws.

WAMS provides email security, firewalls, and other technologies that can (and should) be used to protect yourself, your employees, and your clients. We have a few suggestions for some of the best practices to ensure that these attacks do not happen to your firm:

  • Train your employees and keep them updated on trends in the industry, as well as on how to recognize emails that could be malicious or infected, so you do not compromise your entire network
  • Have a strong password policy in place that your network administrator enforces so that your employees do not have passwords that are easy to guess, which puts your organization at risk
  • Ensure that you have a redundant backup system in place which will not only foil some of the worst and newest ransomware attacks, but will also protect you from employee error, natural disasters, and even potential hardware failures
  • Have a secure firewall that is checked frequently as routine maintenance. Your firewall will provide a frontline defense against hackers and block everything that you haven’t specifically allowed to enter or leave your network.
  • With the increase of phishing, spear phishing, and whaling attacks, every firm should have some form of email security in place. At WAMS, we recommend Mimecast to our clients and also use their email security internally to protect our own business.

We know that you take your business and your information as seriously as we take ours. Understanding what ransomware is and the way cybercrime is affecting other businesses is one of the first steps you can take to protect your business. The second is to use your newfound knowledge to ensure that you have an educated staff, as well as the proper systems and policies in place to keep your firm safe. Ask your IT service provider as many questions as you can possibly think of about the services and protections that you have implemented now to prevent these kinds of attacks on your firm.


WAMS has been providing law firms with comprehensive, high-quality IT/computer consulting and support solutions since 1974. Our legacy of superior quality and service continues today as we design, install, and maintain a vast network of both onsite and cloud-based computer systems specifically tailored for each unique client.
