The National Cyber Security Centre (NCSC) of UK has issued a warning to all law firms operating in Britain and European Union to step-up their security capabilities against ongoing ransomware attacks- some funded and propelled by adversaries.
Legal data or the information related to court cases now seems to have attracted the attention of cyber criminals as they have launched around 7 file encrypting malware attacks to siphon data from almost 13 laws firms across the world, in a span of just 3 months.
Compounding the woes, a notorious gang from Russia took a step forward by releasing the stolen info related to 60 court cases from the database of Tuckers Solicitors onto the dark web. And surprisingly, few of the hackers made a $160-$190 bid to crack that information for future use……strange by true!
Though the law firm was slapped with a penalty of £98,000 for failing to keep its customer info secure, the damage was done, as the criminals managed to tarnish the business image of the company, facing a trial from one of its partners that was supposed to be kept as a secret. But was disclosed to the world by the hackers.
NCSC reiterated in the threat report that lawyers dealing with cases related to human rights and software abuse like the one seen in Pegasus software sale by NSO Group; should stay extra cautious in storing and accessing the data as it can become a victim to spying eyes.
Moreover, if at all they fall prey to double extortion or triple extortion campaigns, they should instead stay resilient by containing the incident and rely on backups, also contact the law enforcement to do the needful.
