Legal Field IT Specialists CEO, Robert Finley, answering some questions from firms regarding an additional sneaky way hackers infiltrate law firm networks:

What is the general routine hackers use when holding a business' data hostage?

Today, cybercriminals are gaining control of computer networks, collecting information, selling data, and rendering files useless by encrypting them so nothing is accessible. The criminals will demand a ransom in exchange for releasing the company's own files back to them. It's not just happening with enterprise and large corporate firms these days, but small business all over the country. According to Cybersecurity Ventures, ransomware damages in 2018 likely exceeded $8 billion dollars and in 2019 damages likely exceeded $11.5 billion - with a ransomware attack made on businesses every 14 seconds.

As these kinds of news stories continue to break, more small business owners are becoming aware of the seriousness of these attacks. When a business does become compromised, the only way to unlock files that were encrypted is to pay the ransom with no guarantee your data will be returned. The sad reality is, some ransomware is so sophisticated that once a network is compromised, it's almost impossible to regain access to encrypted files-not even by a specialist provider, or the FBI for that matter.

To protect themselves the attackers generally demand payment via Bitcoin or some other form of crypto-currency, which makes it difficult for traditional law enforcement tracking to follow. Hackers originally targeted companies that clearly had money such as enterprise, hospitals, and financial institutions. As the larger organizations adapted and invested in security and monitoring, the hackers moved to target small to medium-sized businesses that tend not to invest in those areas until it is too late.

Hackers commonly use automated tools to scan the Internet to see which businesses have vulnerabilities such as misconfigured or unpatched firewalls, servers, and websites. When they find one that does, they breach the network to infect, track, steal or manipulate your information. They can do this from the comfort of their own home halfway around the globe. In today's everything internet-connected world, not making cybersecurity a priority is an enormous, avoidable mistake that can close a business in just a few minutes.

Is a hacking attempt always noticeable to the business' management?

Not necessarily.  One of the tactics that these criminals use after penetrating a network is to watch activity before doing anything malicious, with you completely unaware. As such, employees continue to perform their normal tasks including accessing confidential & privileged information, intellectual property, and other delicate information, providing the hacker a look at the business’ most valuable and sensitive data.

Here is an interesting story: There is a business in our area that was hacked. The attacker had been watching their network activity for months building a profile on them under the radar. He eventually encrypted their files and demanded a large ransom. The company's CFO responded by saying they could not pay the ransom because they couldn't afford it. So, the hacker, having been collecting data for months before the locking of their files, then sent them a copy of their own financial statement from the previous month, and he said "You have plenty of money. You can afford to pay." Although the company had a backup system in place, it was also encrypted so they ended up paying the ransom.

The time from when a hacker gets into a network to when they actually do something is unknowable. It may be a day or two, or maybe several months or more. That unknown amount of time where a hacker has undetected access to a network to when they are completely removed, is called the "dwell time." During the dwell time, they could be doing anything from collecting information, reviewing files, or scanning account and social security numbers to analyzing how you and your office works, or leaking information to a competitor or regulatory agency. This may be all totally under the radar and undetected if your network isn't properly protected and proactively monitored from a security standpoint.

If you want to make sure that your firm is properly protected call us today. Legal Field IT Specialists provides tailored IT support services to law firms to protect them from the dangers of online threats as well as working with you to ensure that your staff is highly productive & efficient which, in turn, increases your firm's profitability as a whole.

Phone: (678) 926-9192