The evolving threat of ransomware in the legal sector



Firms of solicitors manage a wealth of confidential and sensitive business information as well as personal data, making the legal sector an attractive target for cyber attacks. 

Beazley Breach Insights for Q1 2020 shows that a variety of attacks are still occurring, including an increase in ransomware.

Ransomware is a type of malicious software that is designed to block access to your computer systems and data until a ransom is paid. What we are now seeing is a new wave of ransomware, such as Maze and Sodinokibi, that steals data first, before the ransomware is executed. [1] If organisations do not pay, the cyber criminals slowly make the information available to the public or auction it off on the dark web, which can have a large financial, reputational and regulatory impact.

This new wave of ransomware is increasing the severity of cyber losses, and earlier this year five law firms were targeted with this type of attack. [2]

Ransomware is a criminal money-making scheme and can be delivered in a number of ways, such as malicious links in emails or on social media, malicious attachments, visits to infected websites (known as drive-by downloads) and the exploitation of vulnerabilities found in operating systems and software.

How firms of solicitors can reduce the risk of ransomware:

Cyber risk will be unique to each business, and therefore awareness of what you have to protect is essential. We recommend that you have an effective Incident Response Plan (IRP) in place in the event of a cyber incident and that you consider the following:

  • Stay on top of patches and updates to software and operating systems, including network infrastructure, remote working devices and Virtual Private Networks (VPNs), to ensure that you are protected against the latest known vulnerabilities.
  • Ensure that you have antivirus and threat detection software and that it is updated to protect against the latest security threats.
  • Take regular on-line and off-line backups and ensure that they are tested and working effectively and securely.
  • Avoid the use of public Wi-Fi offered in public places such as coffee shops, hotels, shops and airports. Security is lacking on most of these networks, which can allow hackers to slip malware onto your device through weaknesses found in your operating systems or software without you even knowing that they are doing it. Our advice is to always use a VPN to keep your device and information safe.
  • Provide employee training to raise awareness of phishing and of best practices when it comes to trusted websites and sources of information, clicking links, providing personal information and following protocols. This training is essential as the first line of defence and for creating the right security culture.

The National Cyber Security Centre (NCSC) provides 10 Steps to Cyber Security and a number of free online training tools:

  • Having plans in place should things go wrong: test and practise your business cyber incident response using the ‘Exercise in a box’ tool;
  • Reducing cyber incidents caused by employee behaviours: educate your employees using the ‘Top Tips For Staff’ training tool; and
  • Other useful on-line courses on managing third-party cyber security risk and more.

How can Cyber Insurance become a valued part of your resilience plan?

One of the key aspects of Cyber Insurance, which differentiates it from other traditional insurance products, is that it is a service-led proposition.

The service provides 24/7 incident response and IT forensic specialists to mitigate and remediate events, and covers other remediation costs, such as Public Relations to mitigate reputational damage, data restoration, notification expenses, credit monitoring and more, during times of high tension when fast-paced action is required.

As cyber has evolved, we now know that first-party losses account for a high proportion of cyber claim costs today, with Cyber Insurance also offering protection for:

  • Loss of income caused to you by an interruption to your network or your cloud service provider.
  • Reputational damage arising from a cyber event.
  • Theft of own funds through electronic compromise and social engineering.
  • Regulatory fines and investigations if permitted.

Cyber Insurance is an important part of your risk management strategy. Contact us to find out more!




Kathryn Brown

Chartered Insurance Broker ACII CISMP, Associate Director – Cyber & Technology Solutions