Daily Dispatch

Cybercrime

Ransomware: Backing Up from Trouble

By | Dec.08.15 | Daily Dispatch, Law Practice Management, Legal Technology

Hacker © iStock - Agustinc

Look, I get it. Computer backups are a bother. It’s something a staff member typically takes care of, or maybe your IT consultant has you covered. I observe, however, that few lawyers really know what’s actually going on with their computer backup process. In the past, for the most part, maybe that was fine. But times are changing.

It’s easy to get comfortable with the way it’s always been — incremental backups, digital tapes, rotating off-site, check. But that’s not good enough anymore. The backup process is taking center stage again, and you must be sure it isn’t “state of the art for 1999” in your firm.

This Is a Stickup!

Here’s the big problem. There is a category of malware known as ransomware. Should your computer network ever become infected by one of these bad boys, you’ve got a very serious problem. In short, your data will be encrypted and then you will be told how much you need to pay to receive a decryption key that will enable your IT person to recover your files.

Fail to pay and, well, let’s call it like it is: I hope you have one heck of a talented IT specialist on speed-dial. But there are no guarantees. They may not be able to get you back up and running.

While there are a number of different families of ransomware, the Cryptowall family has caused all kinds of havoc the past few years. In recent weeks it has evolved into something truly frightening.

In a nutshell, Cryptowall is often initiated by someone opening an attachment that purports to be a business document or invoice. Once it’s enabled, the malware will start to encrypt your data, including data on all mapped drives. Depending on the specifics of your network, we’re talking about mirrored drives, backup drives that are attached to the network via a USB port, the server — and the list goes on.

You see the concern? And this latest version of Cryptowall makes things even worse. It is now able to scramble the file names of all encrypted files, which means any IT specialist addressing the situation will run into serious problems trying to recover anything. This version is also harder to detect with antivirus software. As if that wasn’t bad enough, Cryptowall can now identify and erase restore points as well. That means the option of trying to recover at least most of your data by restoring the system to a date prior to the infection is off the table.

Back Up, Back Up, Back Up!

My point is this: You can’t sit back and hope your trusted staff or IT guy has you covered. You really do need to know if your backup process is today’s state of the art. If it isn’t, fix that ASAP.

Backups need to be full backups that are properly and securely stored in the cloud or on a series of drives that are disconnected from the network and rotated off-site. The frequency of the backup process should be driven by how difficult it would be to re-create any information if everything was lost at any given time. For some, weekly may suffice. For others, it may be daily.

Talk with your IT support person about threats like Cryptowall and heed all the advice given. Of course, there are a number of other things you might do to guard against being yet another victim of ransomware. But that may be for naught if you still end up getting hit and have no viable backup to use to rebuild your network. Your only option will be to pay the ransom and hope for the best.

I see that as asking for trouble. How about you?

Mark Bassingthwaighte is a Risk Manager with Attorney’s Liability Protection Society, Inc. (ALPS). In his tenure with the company, he has conducted over 1,000 law firm risk management assessment visits, presented numerous CLE seminars, and written extensively on risk management and technology. Mark received his J.D. from Drake University Law School. He blogs at @ALPScorp. Contact him at mbass@alpsnet.com.

Illustration ©iStockPhoto.com

Sponsored Links

Recommended Reading

Comment