Like other embarrassing crimes, malware attacks often are not reported -- especially when law firms are the victims. It took a lawsuit for this one to come out.
A Rhode Island law firm has sued its insurance company for lost income suffered during a cyber attack last year. For three months, the firm's computers were held hostage by ransomware -- a form of malware that criminals use to extract ransom payments from victims.
Moses Afonso Ryan, a commercial litigation firm, says it lost about $700,000 in billable fees before hackers freed the computer system. The law firm wants Sentinel Insurance Company to pay for it.
In the lawsuit, the law firm says the malware invaded the computer network after a lawyer clicked on an email attachment. It locked up all of the firm's documents and information, effectively shutting down the workflow.
The firm hired computer experts to fix the system, but they could not unlock the network. The firm then paid a ransom in bitcoin to obtain decryption tools from the perpetrators, but the tools did not work.
After paying an additional ransom, the lawyers received new decryption tools and recovered most of their information. The total ransom was $25,000.
Sentinel, the insurer, says it paid the policy limit of $20,000. But the firm sued to recover the lost business, too.
Cost of Doing Business
Law firms are prime targets for cyber criminals because, as Willie Sutton reportedly said about banks, "that's where the money is."
Hackers look for information that they can turn into money, and law firms typically have a wealth of such information. Hackers targeted seven law firms known for mergers and acquisitions with more than 100,000 attacks over a three-month period and then traded on the inside information, according to the U.S. Securities and Exchange Commission last year.
Ransomware works a little differently because the hackers basically cut out the middleman. They want the money, not the information.
"We haven't really seen them remove the data," Special Agent Jeffrey Williams, of the FBI Boston division, said. "We've seen them encrypt it ... hoping for a payout."
White said the crime is vastly under-reported because businesses don't want to sully their reputation or reveal weaknesses.
"Usually they just pay them off," he said. "It's the cost of doing business."