Is Paying the Ransom Always a Non-Starter?

What Should Law Firms Do When Faced With Ransomware

Ransomware attacks are increasingly common, with some estimates suggesting that they’ve risen in frequency by nearly 500% from 12 months ago, according to Forrester Research. If your law firm IT were to be affected by such a cyber incident, would you pay the ransom?

Entertaining such a question seems to not only go against conventional wisdom but what IT security experts have long cautioned – that you can’t negotiate with the unscrupulous. Further, capitulating to hackers’ demands in no way guarantees that they’ll wind up surrendering the information stolen or encrypted.

However, given the sensitivity of the data involved, some IT authorities say it’s not so nonsensical a notion after all, as its in bad actors’ best interests to deliver on their promises when those they prey upon pay up.

Florida City Opts To Pay $600k To Retrieve Data

From small-business owners to international conglomerates, companies of all sizes have ultimately decided to cut their losses and pay the amount that perpetrators insist on. Even municipalities are acquiescing, the latest example being Riviera Beach, Florida. Located north of West Palm Beach, the city and its 35,000 residents have been unable to use public service utilities over the last three weeks because attackers hacked into the city’s network servers, disabling phone lines, emails and payment processing, The New York Times reported. Unable to retrieve the hijacked data, local lawmakers voted unanimously to pay the $600,000 ransom, which officials are hopeful will put computer servers back online as happened for a  Georgia county that paid $400,000 when it was victimized in March, according to The Wall Street Journal.

Riviera Beach spokeswoman Rose Anne Brown told the Times that it’s coordinating with law enforcement and informed them of its decision prior to wiring the money.

“We are well on our way to restoring the city system,” Brown explained.

“170 government entities have experienced ransomware infections since 2013.”

In addition to Baltimore, which is steadfast in its decision to not paying the ransom, Riviera Beach is only the latest municipality hit by such a cyberattack. Based on data obtained by CNN, no fewer than 170 government entities – meaning cities, counties or state – have fallen prey to ransomware infections in the last six years. Forty-five of these were sheriff’s or police departments. This may be particularly worrisome for law firms, given they’re often in regular communication with law enforcement regarding pending cases, which entails the sharing of data.

“We were crippled, essentially, for a whole day,” Albany Police Department patrolman Gregory McGee told CNN. “All of our incident reports, all of our crime reports, that’s all digitized.”

Acceding To Ransomware May Be Best Of Bad Options

IT teams were able to resolve the issue in New York’s capital city within 48 hours and did so without giving in to the offenders’ demands. However, given the stakes involved, many believe that paying should not be summarily dismissed as a non-starter.

“There’s a tendency to answer the question by sloganeering: Never negotiate with terrorists,” wrote Stephen Carter, law professor at Yale University, in an opinion piece for Bloomberg. “Otherwise, so the reasoning goes, you will get more terror attacks. But while this argument makes sense for those who are likely to suffer repeated attacks, it’s not clear that those less likely to be regular targets should reason the same way.”

Josh Zelonis, a senior analyst at Forrester Research, feels similarly, noting that cities who hold the line may suffer from diminishing returns as Baltimore is learning first hand. The financial fallout from the attack is believed to be in excess of $18 million and counting. In other words, the ransom demanded may be a pittance compared to the alternative.

“Many organizations significantly underestimate the scale of disruption they need to plan for or make too many assumptions about what functionality will continue to exist after an attack,” Zelonis warned.

He added that while paying the ransom may indeed be inadvisable, it should at the same time not necessarily be completely out of the question, but explored “in parallel with other recovery efforts to ensure you’re making the best decision for your organization.”

Of course, the best solution is to avoid becoming a ransomware victim altogether. This is possible by remaining vigilant.   Perhaps above all else this also means leveraging a multilayered approach to data security, including multifactor authentication, software patches, updates and a good disaster recovery plan.  Look to a reliable cloud solution, like the Afinety Cloud Platform, which runs on the largest and safest cloud provider in the world, Amazon Web Services to reduce your risk of outside threats in today’s world.

Case Study – AlvaradoSmith Reaches the Cloud With Afinety

AlvaradoSmith Saw 25% Cost Reduction With Afinety Cloud Platform

The legal world has changed a lot over the years, notably in how legal professionals do their jobs and interact with clients. Cloud platforms have impacted virtually every industry and promise to bring a multitude of benefits to those that adopt the technology. The question for law firms is, how can they take advantage of the cloud in a secure, productive way? Law firm AlvaradoSmith experienced the viability and the power of the cloud first-hand.

IT Network Changed To Afinety Cloud Platform To Achieve Goals

With 3 offices and 57 users, AlvaradoSmith represents defendants and plaintiffs with respective civil litigation, corporate and intellectual property cases. The firm handles employment and mortgage matters as well, supporting businesses of all sizes as well as individuals. With so many different kinds of clients and cases that could come through their doors, it was important to keep files confidential while also ensuring that AlvaradoSmith staff could easily access necessary information.

File cabinets and large folders are no longer viable for modern law firms. Papers can easily be misplaced, stolen or destroyed. The cloud has increasingly become the answer to these issues, providing an online platform for accessibility, mobility and flexibility. Office Coordinator, Gianna Stover, noted that data security is a major concern in the law industry, particularly as ransomware becomes a more prevalent threat. Clients want to ensure that their documents and information are protected, making it necessary to adopt a platform that can meet these needs. That’s where Afinety has made the greatest impact.

Migrating To Afinety Cloud Platform (ACP)

When it came to upgrading the existing on-premises network, AlvaradoSmith wanted to increase mobility for attorneys and ensure security across the board. Many AlvaradoSmith attorneys travel, and the fact that they could get on a laptop outside of the office without an on- premises network was a major advantage. Stover and the firm’s partners met with the Afinety team and discussed what life would be like once the Afinety Cloud Platform Network, powered by AWS would be implemented. They believed it sounded too simple and too good to be true, but once the solution was rolled out, their perception changed.

“The nicest part, which was one of our key selling points, was that we didn’t have to reinvent how we were practicing and what we were doing,” Stover said. “Our programs translated over into the Afinety Cloud Platform seamlessly. We were able to function as we did in the on-premises network and we didn’t have to change every piece that we used.  We just simply transitioned over.”

With Afinety, AlvaradoSmith was able to maintain and improve productivity. Afinety experts walked the organization through the migration step by step, and with diligent, methodical planning, the project progressed to completion without a scramble to get everything done. With their previous network, Stover described how each person was connected to the onsite servers. If one computer was affected by an outage, all users would be affected, creating an issue in rebuilding the workstation and getting everyone back online. The Afinety Cloud Platform runs on Amazon Web Services and provides a separate cloud workspace for every user, thus eliminating the possibility of one workstation affecting another.  If issues do arise, Afinety’s experts provide faster troubleshooting support to eliminate lag time and enable easier login processes.

Measurable Results Gained From ACP

Seeing the benefits of the Afinety Cloud Platform first-hand demonstrates the technology’s true power and serves as an example for how other law firms can reap these same advantages. Stover noted that the solution is more cost-effective than their previous setup, saving the firm over 25 percent compared to an onsite network! In addition, productivity has noticeably improved. Legal professionals at AlvaradoSmith now have faster, more secure remote flexibility that wasn’t available before. They can work remotely when they need to, not even thinking about the network. That’s the true experience of a solid cloud network.

The Afinety Cloud Platform runs on Amazon Web Services, making it a turnkey, secure solution for law firm needs. Storing data on this platform helps put minds at ease since AWS uses batch encryptions and other security parameters to protect sensitive data effectively. This ensures that client confidentiality can be upheld and that industry regulations are in compliance. Afinety has strong track record serving law firms since 1986, with more and more clients moving to the cloud each day.