Is your firm under attack?
By Law News
Legal firms: one of the most vulnerable sectors to ransomware attacks
The legal profession is one of the most vulnerable sectors to ransomware attacks due to the vast amounts of sensitive and critical information held by law firms. The unauthorized exposure or loss of such data could not only disrupt business operations but also tarnish reputations and lead to severe financial losses. Unfortunately, this sector is also one of the most frequently attacked by ransomware groups. In the last three years, as ransomware attacks have intensified, companies in the legal industry have suffered more than 200 attacks worldwide.
The importance of legal services to the UK economy
Legal services form an important component of the UK economy. As of early 2023, there were over 32,900 enterprises, including barristers, solicitors, and other legal service providers operating in the UK, with an estimated total revenue of £43.9 billion. More than 320,000 people work in the legal sector in the UK. Legal services are an important export of the UK, accounting for £6.8 billion of exports as of 2021. Professional services, which include the legal sector, are regularly at the top of analysts’ leader-boards as the sector most impacted by the cyber threat. The Cyber Breaches Survey 2023 found that 32% of surveyed UK businesses identified cyber attacks. The Solicitors Regulation Authority (SRA) published 278 scam alerts in response to reports from the public and profession between January 2022 and January 2023. These scam alerts highlight reports of people falsely claiming to be solicitors and firms, for example, on websites or in emails and telephone calls.
The US and UK legal services profession — the most-attacked in 2022
According to research, starting from 2021, the legal services sector faced an unprecedented number of ransomware attacks, with a total of 109 incidents reported. This surge in attacks was part of a broader trend, as all industries experienced a record-breaking 2,703 ransomware attacks that year. However, the situation shifted somewhat in 2022, with the number of attacks on the legal services sector decreasing to 52. Despite this reduction, the legal services sector still accounted for 2.3% of all ransomware attacks across various industries.
Over the past three years, ransomware attacks on legal firms have surged, with more than 200 incidents reported worldwide. The United States and the United Kingdom have been the primary targets, with 36 and 7 attacks, respectively, in 2022 alone. The next most-attacked countries are Belgium (2), Germany (2), and Argentina (1). The infamous LockBit ransomware group has been identified as a major offender, responsible for numerous high-profile attacks on legal services.
"This list of the top five most-attacked countries is unsurprising. Yes, US companies are always the most attacked, but Belgium or Argentina being on this list proves that attackers don't pick and choose by country or profession. They just look for the easiest, most vulnerable link," says Vakaris Noreika, head of product for NordStellar.
Businesses can protect themselves against ransomware attacks
Noreika suggests the best actions to start with when implementing practices to protect businesses from ransomware:
- File hygiene and encryption: Regularly back up and encrypt files to ensure data integrity and quick recovery in the event of an attack. If the company keeps the files encrypted, the information will be unreadable to hackers.
- Cybersecurity training: Invest in comprehensive training programs for employees, as human error accounts for 82% of cyberattacks. It should be organized regularly and have a holistic approach that includes every employee.
- Keep software up to date: Most cyberattacks either use social engineering to exploit the flaws in human nature or malware utilizing outdated software. Ensure everyone at the company understands the importance of keeping software up to date.
- Adopt zero-trust network access: Every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.
Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period from 01/01/2020 to 30/04/2023.