Law firms and cyber-attacks: How to protect and to prevent
In May 2020, a prestigious New York-based media and entertainment law firm was reportedly attacked by the ransomware “REvil”. The law firm is said to represent some of the most famous public figures and the most well-known companies in the United States. The ransomware operators allegedly seized all data they deemed important before encrypting it, which is typical of a so-called double blackmail attack. The hacked data allegedly included sensitive private information of celebrities.
The attackers initially demanded USD 21 million, according to reports, and to prove their claims, they posted 2.4 GB of a famous client’s data online. The ransom demand was raised to USD 42 million after a week of unsuccessful negotiations. The attackers used an unprecedented approach as the law firm refused to pay: the stolen data was auctioned off, with the record of a famous singer allegedly sold at a base price of USD 1 million. The reputation of the law firm had been severely damaged by this incident.
A recently published article by the Zurich Bar Association (Zürcher Anwaltsverband, ZAV) explains how such an incident can ideally be prevented and what to do if a law firm is nevertheless the target of a cyber-attack.