Lawyers Increasingly Targeted by Cyberattacks, 1017 COBJ, Vol. 46, No. 9 Pg. 18

• Author: MARK SPITZ, J.

Lawyers Increasingly Targeted by Cyberattacks

Vol. 46, No. 9 [Page 18]

The Colorado Lawyer

October, 2017

TECHNOLOGY IN THE LAW PRACTICE

MARK SPITZ, J.

In 2015, an attorney at Moses Afonso Ryan Ltd., a 10-attorney firm in Providence, Rhode Island, received an email from an unknown sender. When the attorney clicked on an attachment to the email, a malicious form of software called malware infected the firm's network and decrypted all of its data. The hackers demanded a "ransom" of $25,000 to provide a key to decrypt the data, which the firm paid in the form of bitcoin, only to find that the key did not work. By the time the firm was able to regain access to its data and electronic files, three months had passed. The firm claims it lost over $700,000 in revenue during that time as a result of the ransomware attack.^[1]

Cyberattacks on the Rise

Cyberattacks have become much more frequent in recent years, targeting both small companies and well-known companies such as Home Depot, Target, Yahoo!, and JPMorgan Chase. Cyberattacks can take many forms, including attempts to break into an organization's network; phishing emails or social media posts to someone within an organization containing an attachment or link with harmful software (often called "malware" or "ransomware"); or "denial of service" attacks that flood a website to the point that it crashes.

Hackers are often after customer credit card or bank account information, social security numbers, and other information they can sell for identity theft and other fraudulent uses. Or. they may be after a quick "ransom" payment, as in the case of the attack on Moses Afonso Ryan, or the recent WannaCry attack in May of this year. Law firms find themselves increasingly at risk, however, and the size of the firm is no guarantee against an attack. For example, in 2015 Cravath, Swaine & Moore LLP, and Weil, Gotshal & Manges LLP, two large New York firms, were attacked, allegedly by hackers based in China, lust this year, DLA Piper fell victim to the Petya cyberattack, which affected computers and systems worldwide, losing access to its email and telephone systems for more than a week.^[2]

How common are cyberattacks against law firms? The American Bar Association's 2016 legal technology survey report found that 15% of law firms surveyed, and 25% of law firms with at least 100 attorneys, had experienced a breach of some kind.³Due to the potential damage to a firm's reputation from publicizing a breach, however, it is quite possible that these numbers are much lower than the actual frequency of attacks.

Why Target Law Firms?

One may ask, why do hackers go after law firms? The primary reason is that law firms have information that is attractive to hackers. In the attacks on Cravath...