Ransomware dark blue logo

Ransomware attackers double their efforts on law firms

Ransomware attacks are growing in both quantity and cost, and organisations are struggling to keep up.

In recent months, ransomware attacks have dominated headlines of the cyber-crime world. Taking down municipalities, schools, hospitals, universities, private and public organisations alike, the threat from successful ransomware attacks is larger than it’s ever been.

In 2019, 205,280 organisations lost access to important files due to ransomware encryption, according to security experts Emisoft. Average payouts also skyrocketed up to $84,116 in the last quarter of 2019, more than double the average cost in the previous quarter.

Law firms have been hit particularly hard recently, with a spate of attacks using the Maze ransomware strain crippling three separate firms in only 24 hours last month.

“Ransomware maintains its reign as the most widespread and financially damaging form of cyber-attack,”


The targeting of legal firms was only to be expected after hackers began the trend of exporting sensitive information during a ransomware attack, then threatening the victim organisation with its public release. Last month’s Maze attacks were no exception to this practise, the hackers first publicly posting the name of the infected firms online, then following suit with confidential data if they refused to pay.

Several government and law enforcement agencies have issued warnings and guidance regarding ransomware attacks. The European Union Agency for Law Enforcement Cooperation (better known as Europol) describes the gravity and breadth of ransomware attacks in great detail in its 2019 Internet Organised Crime Threat Assessment (IOCTA).

“Even though we have witnessed a decline in the overall volume of ransomware attacks, those that do take place are more targeted, more profitable and cause greater economic damage.”

With less than a month since foreign currency giant Currenex was crippled by the Sodinokibi (REvil) ransomware strain, Europol’s message regarding the increased targeting and damage of attacks rings very true.

“Phishing and vulnerable remote desktop protocols (RDPs) are the key primary malware infection vectors.”

Phishing still remains one of the most-used infection vectors during ransomware attacks, and organisations are fast looking to train their users how to spot phishing emails.

Even the most advanced security hardware cannot effectively prevent all phishing emails. When a well-targeted email arrives in a user’s inbox, the security and livelihood of the entire organisation rests on that user’s level of cyber-education.

“…as manay as 65% of [cybercriminal] groups rely on spear-phishing as their primary infection vector”

With such high threats posed by email-borne cyber attacks, it is imperative your users are properly equipped to recognise and mitigate these threats effectively and without jeopardising the security of the organisation.

At Phishing Tackle, we believe knowledge is key in protecting your organisation. We even went as far as to create a free tool which reveals how many of your users are susceptible to clicking a phishing email. Check out our Free Click-Prone® Test to find out.

While several expert organisations can help your organisation to recover after a devastating ransomware attack, the time, cost and disruption to your business confirm one thing: Prevention is better than cure.

Educate your users today.

Recent posts