Understanding targeted ransomware and its threat against law firms

February 26th, 2020
Understanding targeted ransomware and its threat against law firms

Targeted ransomware follows the same approach as conventional ransomware. And in 2020, it's emerging as a particularly dangerous threat to law firms. Understanding what it is and how it harms your network is key to protecting your law firm from this threat.

How is conventional ransomware different from targeted ransomware?

Ransomware is a type of malware that hackers use to encrypt victims' networks or files. This locks users out, preventing them from using their resources. After launching the attack, hackers inform the victims that they need to pay a certain amount, usually in cryptocurrencies, to obtain the decryption key and regain access to their resources. In some cases, hackers threaten to delete or expose the victims’ files to the public if they don’t pay the ransom.

Conventional or generalized ransomware is spread indiscriminately, most often through phishing emails or suspicious websites. It takes advantage of careless users or those who ignore cybersecurity best practices.

Targeted ransomware, on the contrary, is a deliberate and carefully planned attack. Hackers usually research and create a pool of possible targets. The targets they choose are:

  • Those whose systems bear weaknesses the hackers can exploit
  • Those that can actually pay the ransom

Additionally, generalized and targeted ransomware use very different types of software. Whereas the former uses software that’s readily available through the dark web — assuming you can access it, of course — targeted attacks use custom, more complex programs that have yet to make it to the black market.

Why is targeted ransomware becoming popular?

Because it has the potential to be extremely profitable, that’s why.

On one hand, targeted ransomware requires more active participation from the hackers than generalized ransomware does. In mass attacks, all the hackers need to do is choose a ransomware program, deploy it, and wait for people to fall victim and pay up.

Targeted ransomware, on the other hand, may even require live hacking to ensure that the infection spreads into the network as widely as possible. A successful attack could result in files getting deleted and time and money lost on fixing the damage.

That said, targeted ransomware can generate much higher profits than mass attacks ever can. To illustrate, 2017’s WannaCry ransomware attack that doomed more than 200,000 computers around the world gave the perpetrators an estimated $120,000 in total ransom payments collected. Meanwhile, a single targeted ransomware attack that hit Riviera Beach, Florida, in 2019 resulted in the perpetrators earning $600,000.

How can you protect your firm from targeted ransomware?

These steps can strengthen your defense against targeted ransomware:

#1. Back up your data

Implement regular backups of all of your firm’s files and store these in the cloud. If you can, store some of the backups in an offline storage location. So when an attack occurs, you can quickly restore your backups and continue serving your customers.

#2. Conduct regular training sessions

Like mass ransomware, targeted ransomware may also worm its way into your network through phishing emails. It is therefore important that your staff knows how to identify and avoid phishing messages.

#3. Disable macros

Macros automate simple tasks such as opening a tool that can view a certain file. They can, however, be used to automatically infect your system. Prevent this from happening by disabling macros. You can also use viewer tools that let you take a peek at a file without opening it.

#4. Get anti-malware software

Antivirus and similar applications detect malware and shield your network from infection. Some software programs do this by putting suspicious files on quarantine or downright deleting them, depending on your preferences.

#5. Monitor your system

Proactive monitoring allows you to detect and respond to any issue in your network before they cause lasting harm. Constant monitoring is effective against many types of threats, including targeted ransomware.

Protecting your law firm from rapidly evolving cyberthreats such as ransomware becomes easier when you partner with an expert. Hero’s specialists have years of experience in addressing multiple network threats. Call us today to get started!

Leave a comment!

Your email address will not be published. Required fields are marked *

It’s time to take downtime seriously. Discover why an MSP is your best ally against this threat. Download our free eBook today to learn more!Download here