Celebrity Law Firm Hit By Ransomware Attack

A New York-based law firm, Grubman Shire Meiselas & Sacks, who are predominantly used by the world’s rich and famous, have suffered a substantial cyber attack.

The cyber criminals claim to have access to over 756 gigabytes of the law firm’s and its clients’ personal data, including legal contracts, personal email accounts and email communications.

All clients have been notified and the firm are working with leading cyber security experts to try and regain access to their data.

A Grubman Shire Meiselas & Sacks press statement commented:

“We can confirm that we’ve been victimised by a cyber-attack.

“We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”

The hackers accused of the breach, REvil (also known as Sodinokibi), were responsible for the ransomware attack on Travelex at the start of the year.

Ransomware is a type of malicious software, designed to deny access to a computer system until a ransom is paid. It is often spread through phishing emails and can be particularly devastating to a business of any size.

The criminals have already posted a picture of the files they have access to, which include details of Madonna’s world tour and what appear to be folders of data on celebrities including Bruce Springsteen, Bette Midler, Mariah Carey, Nicki Minaj and Run DMC.

It is unclear if the cyber criminals are asking the law firm to pay a ransom, but the leaked images certainly lend validity to their claims and show the potential damage they could inflict on the firm.

Jen Williams, head of security at the Practical Vision Network, commented:

“Luckily the advice on that is nice and straightforward.

“1. Make sure it doesn’t happen in the first place! Make sure that all of your software and operating systems are up to date including your antivirus solution. Lots of firms don’t have the scanning facility turned on! Make sure your antivirus has anti-ransomware capabilities. Train staff to look out for suspicious emails and not to click on links or files that they don’t recognise.

“2. Make sure that if it does happen, you’re in a position to recover quickly. The firm should have kept backups of these files to enable them to recover quickly. They should also have a trusted security partner that will help them to respond to these incidents.

“The best way to make sure this doesn’t happen to your firm is to make sure that you have an external set of eyes on your basic cyber security controls. When you’re in a business all day every day, it’s really difficult to look objectively at these things.”

Brett Callow, threat analyst at Emsisoft, said:

“Companies in this position have no good options available to them.

“Non-payment of the demand will result in the information being published; payment will simply get them a pinky promise from criminals that the stolen data will be deleted.

“These incidents are becoming increasingly commonplace and increasingly concerning. And incidents involving law firms are even more concerning due to the sensitivity of the data they hold.”

What can I do to protect my organisation from a ransomware attack?

Here are some steps you can take to prevent your organisation from falling foul of a ransomware attack:

  • Encourage your employees to change their passwords regularly – this helps prevent hackers from gaining remote access to your systems
  • Store and dispose of data securely – you never know if or when important documents or old storage devices could fall into the wrong hands
  • Staff training – this could be on spotting the signs of phishing emails, but also enabling employees to take part in social engineering training which would allow you to test your resilience against a cyber attack
  • Ensure your anti-virus software is up-to-date, and ensure your software regularly scans your systems to check for any viruses

What should I do if my business is hit by a ransomware attack?

In the first instance the advice is not to panic.

Take a moment to take stock, then try to take control of the situation as best you can. For Travelex this meant taking their systems offline, to contain the attack.

Although the attack compromised Travelex’s online systems, they were still able to conduct business face-to-face in their branches by completing transactions manually using pen and paper.

A manufacturing company also had to resort to taking all of its systems offline and return to old-fashioned methods of manufacturing as a result of a ransomware attack. So no matter the size of the business, taking a moment to take stock always seems to be the best advice.

Communicating to your stakeholders, employees, clients and where necessary the general public, will demonstrate that you can be trusted, and you’re not trying to hide the fact this has happened to you. It may be worthwhile hiring a PR agency that can help manage this aspect for you, if you don’t have the capabilities in-house.

Don’t pay the ransom demanded by the cyber criminals. Travelex faced a threat to pay up or have personal data released into the public domain, but this didn’t force the company’s hand. They continued to work behind the scenes, restoring their systems.

Bowing to the criminals’ demands would demonstrate that the company is an easy target and may encourage them to come back and try the same tactic a second, third and perhaps fourth time if an attack had been successful.

Chat to your IT team, local police force or Action Fraud, who will be able to offer you advice.
