Ransomware hijackers of law firms’ computer systems have been paid off on eight known occasions in the past six years, according to a global survey on cyberattacks published this week.
The report, by technology researcher Comparitech, identified 138 individual ransomware attacks on the legal sector, with nearly 3 million individual records compromised.
In a ransomware attack a hacker exploits a security breach to take control of systems and demands a payment in cryptocurrency. Law firms are attractive targets due to the sensitivity of data they hold, the report states. ‘Hackers can shore up their chances of securing payment by threatening to put solicitors’ clients’ data on the dark web if their ransom demands aren’t met.’
In the largest known demand, a New York firm refused to pay $42m to a gang that obtained data on clients including Donald Trump. In 2022, top 100 UK firm Ward Hadaway secured a London High Court injunction against ‘person or persons unknown’ against releasing of data obtained by hacking. ‘How successful this was against anonymous hackers, however, is debatable,’ the report observes. A ransomware attack was also behind the 2022 failure of the Ince Group, according to the report.
The UK is the second biggest reporter of ransomware attacks on the legal sector globally, behind the US, the report finds.
Earlier this year security consultancy One Brightly Cyber reported a ‘targeted campaign’ against law firms and chambers in London, with a spike in activity on 24 May.