At least five law firms have been the victims of Maze ransomware in the last month. The hacking group Maze uses phishing techniques to sneak ransomware into law firms' systems. They steal and then encrypt the firms' data. The hackers then threaten to release sensitive client information if payment is not received immediately.
Less common is the group's method of "proving" the theft. It runs a leak website on the open web, where anyone can reach it, and publishes samples of the stolen data there. If payment is received, the hackers say, they will remove the firm's name and data from the site.
Maze began targeting U.S. organizations in November. While it is not clear how many the group targeted, it is clear from the number of incidents already reported that law firms are a primary target. Other victims include the City of Pensacola and the wire and cabling firm Southwire.
According to the FBI, Maze uses multiple methods of intrusion, including setting up fake cryptocurrency sites and running spam campaigns that impersonate government agencies and well-known security vendors. The ABA also has coverage.
The group poses as a legitimate business or government entity and asks an employee or contractor with access to a firm system to download software. Once installed, the software copies sensitive client information out of the network and then encrypts the data, rendering it inaccessible. The software is delivered in seemingly innocuous file formats, including PDFs, Word documents, ZIP files and Excel spreadsheets, according to the cybersecurity firm Emsisoft.
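The file formats named above are the ones a mail gateway or help desk can triage mechanically before a user ever sees them. The script below is an added illustration, not code from the article, the FBI or Emsisoft: it applies a few well-known checks to an attachment (executable or double extensions, a Windows executable hiding behind a document extension, an Office file that carries a VBA macro project, a PDF with active-content markers, and a ZIP whose members fail any of those checks). The attachment names and bytes are constructed inline for the demonstration, and the extension lists and policy thresholds are assumptions to be tuned to your own environment.

```python
"""Attachment triage for the delivery vehicles named in the text.
Added example: a hypothetical gateway check, not the article's or any vendor's code.
All sample attachments below are constructed inline for the demonstration."""
import io
import zipfile

# Assumed policy lists; extend to match your gateway's configuration.
EXECUTABLE_EXTS = {"exe", "scr", "js", "jse", "vbs", "wsf", "hta",
                   "bat", "cmd", "ps1", "lnk", "dll", "msi"}
OFFICE_EXTS = {"doc", "dot", "docm", "docx", "xls", "xlt", "xlsm",
               "xlsx", "xlsb", "ppt", "pptm", "pptx"}
DOCUMENT_EXTS = {"pdf", "txt", "rtf"} | OFFICE_EXTS
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container


def triage_attachment(filename, data, depth=0):
    """Return a list of findings for one attachment; an empty list means no finding."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""

    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment type .{ext}")
    # invoice.pdf.exe: the visible "document" extension is not the real one.
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension .{parts[-2]}.{ext} hides the real type")
    # A PE header under a non-executable extension is a renamed executable.
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append(f"PE executable disguised as .{ext}")

    if ext in OFFICE_EXTS:
        if data[:2] == b"PK":
            # OOXML is a ZIP container; a vbaProject.bin entry means macros are present.
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                        reasons.append("Office document carries a VBA macro project")
            except zipfile.BadZipFile:
                reasons.append("Office extension but not a valid OOXML container")
        elif data[:8] == OLE_MAGIC:
            reasons.append("legacy binary Office format; macros cannot be ruled out without an OLE parser")

    if ext == "pdf":
        # Crude byte-level markers for scripts and auto-run actions in a PDF.
        for marker in (b"/JavaScript", b"/Launch", b"/OpenAction"):
            if marker in data:
                reasons.append(f"PDF contains active content marker {marker.decode()}")

    if ext == "zip" and data[:2] == b"PK":
        if depth >= 2:
            reasons.append("nested archive deeper than policy allows")
        else:
            # Apply the same checks to every member so a ZIP cannot launder an executable.
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        for r in triage_attachment(member, zf.read(member), depth + 1):
                            reasons.append(f"{member}: {r}")
            except zipfile.BadZipFile:
                reasons.append("zip extension but not a valid archive")
    return reasons


def build_ooxml(macro):
    """Construct a minimal OOXML-shaped container, optionally with a macro project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def build_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample attachments (not real malware), one per delivery vehicle.
SAMPLE_MAILBOX = {
    "engagement_letter.docx": build_ooxml(macro=False),
    "URGENT_invoice.docm": build_ooxml(macro=True),
    "court_filing.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "settlement.docx": b"MZ\x90\x00" + b"\x00" * 60,
    "subpoena.pdf": b"%PDF-1.4\n1 0 obj\n<< /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n",
    "discovery.zip": build_zip({"evidence.js": b"var x=1;", "memo.docm": build_ooxml(macro=True)}),
}


def triage_mailbox(mailbox):
    return {name: triage_attachment(name, data) for name, data in mailbox.items()}


if __name__ == "__main__":
    for name, reasons in triage_mailbox(SAMPLE_MAILBOX).items():
        print(name, "->", reasons or "no finding")
```

The checks are deliberately byte-level so they run without third-party parsers; in production the legacy OLE branch would hand the file to a proper macro extractor rather than merely flagging it, and the PDF markers would be confirmed by a real PDF parser, since plain substring matches can be evaded by object streams or encoding.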
The FBI began warning private sector industries about the group at the beginning of the year, and has issued guidance for chief information security officers on how to prevent this type of malware.
Avoiding the ransomware starts with secure systems and employee training. Everyone at the firm should understand common phishing techniques and know not to open email attachments that look suspicious. For example, an email insisting that a matter is extremely urgent and that an attachment must be opened immediately should be treated with extreme skepticism.
Other tips include:
When sensitive client information is exposed in a data breach, you may have a legal obligation to notify your clients. Because Maze copies the data out before encrypting it, restoring from backup recovers the files but does not undo the disclosure. The FBI does not recommend paying the ransom. For one, there is no assurance that the hackers would voluntarily delete information that has already proven valuable to them.
The FBI is continuing to investigate. Meanwhile, law firms might want to take this as a good reminder to update all employees about suspicious emails.