By now, every managing partner has heard the warning: Law firms and their clients’ sensitive information are a treasure trove for hackers.
But the ransomware attack Tuesday on DLA Piper sounded a different type of alarm for Big Law. The world’s biggest firms are just as prone to ransomware attacks as any other company, and the potential ramifications of a network-crippling malware infection are wide-ranging for a service industry that holds the legal fate of corporations in its palm.
Consider litigators unable to access motions on a deadline. Trial lawyers preparing for arguments without key documents. Transactional lawyers unable to communicate with clients attempting to close multibillion-dollar deals.
And of course, anxious and possibly angry clients.
“The domino effect of doing something like this to a law firm permeates so many different parts of business,” said John Sweeney, president of LogicForce, a startup cybersecurity consulting firm. “Suffice it to say, it’s going to touch hundreds if not thousands of different points of business, and not only in the U.S. It’s a nightmare, there’s no doubt about it.”
Phone lines at DLA Piper were down Tuesday across Europe and the U.S. According to media reports and a photo tweeted by Politico reporter Eric Geller in Washington, D.C., employees were instructed not to turn on their computers and to unplug their laptops from the network.
“All network services are down,” a whiteboard read in what appeared to be the firm’s Washington lobby.
A DLA Piper spokesman confirmed the firm had been the target of a possible malware attack that had affected a large number of organizations across the globe Tuesday, including pharmaceutical giant Merck & Co. Inc.
“The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” said DLA Piper’s statement. “We are taking steps to remedy the issue as quickly as possible.”
In a subsequent statement on the matter, DLA Piper said that on June 27 its “advanced-warning system detected suspicious activity on our network, which, based on our investigation to date, appears to be related to the global cyber event known as 'Petya.' Our IT team acted quickly to prevent the spread of the suspected malmare and to protect our systems.”
DLA Piper said its investigation and remediation efforts coincided with the firm working closely with forensic experts and law enforcement authorities, including the FBI and the U.K.'s National Crime Agency. "We are working to bring our systems safely back online," the firm said.
Much like the WannaCry ransomware attack that spread throughout the globe in mid-May, the new round of attacks reportedly requests a payment of $300 in Bitcoin in order to obtain a “decryption code” that may unlock an organization’s files.
While security experts were still scrambling Tuesday to determine the extent of the encryption or any other damage levied by the newest batch of ransomware, at least 27 organizations appeared to have paid the ransom as of early Tuesday, according to a blockchain transaction record.
A study released Tuesday by LogicForce shows the ubiquitous risk of hacking for law firms. The company surveyed more than 200 firms and found that all had been subjected to hacking attempts, while 40 percent of those attempts were successful. What’s more, the 40 percent of firms who had been hacked were unaware of it, according to the report. Sweeney said DLA Piper was not included in his company’s survey.
In response to being hit by ransomware, Sweeney said firms should perform a detailed investigation of their systems involving forensics professionals to determine how the ransomware attack entered their network. Part of that investigation should including attempting to mitigate any more damage that could occur.
The best-case scenario in some ransomware attacks would be having an incident response plan in place that involves an off-site server back-up that could potentially restore the systems’ computers, said Robert Rosenzweig, another cybersecurity expert and national leader of the cyber practice at insurance brokerage Risk Strategies Co.
LogicForce’s Sweeney commended DLA Piper for issuing a public statement about the ransomware attack, something few law firms have done or been forced to do.
“Can they circumvent whatever’s been done to their systems and get back online? I don’t know. That would be the best option,” Sweeney said.
One bit of fallout from the attack may be a renewed interest from law firms in purchasing cybersecurity insurance. The LogicForce survey states that 23 percent of firms polled had cybersecurity insurance policies. Those policies will pay for direct expenses associated with a hack, such as the cost of the ransom; hiring forensic investigators; and bringing on a legal team to advise the firm of its potential risk.
For damage done to clients as a result of a firm losing its ability to service them or their confidential data getting into the wrong hands, it is possible a firm would have coverage under a more traditional legal malpractice insurance policy, Rosenzweig said. He said a “business interruption” component in a cybersecurity policy may also provide some relief, but added that a loss of a law firm’s ability to service its clients due to a cyber breach could have long-tailed repercussions.
“The risk and the potential for a complex and expensive loss is a lot more significant,” Rosenzweig said.
The increased risk of ransomware attacks may also cause more law firm clients to perform cybersecurity audits as part of their hiring process, said LogicForce’s Sweeney. His firm’s report states that 34 percent of firms reported undergoing a cyber audit from a client, and LogicForce expects that number to grow to 65 percent by 2018.
“More and more clients are demanding these audits,” Sweeney said. “And quite frankly we’re seeing some law firms losing business because they can’t comply with the audit.”