Ransomware Attack on DLA Piper Puts Law Firms, Clients on Red Alert

And of course, anxious and possibly angry clients.

“The domino effect of doing something like this to a law firm permeates so many different parts of business,” says John Sweeney, president of LogicForce, a startup cybersecurity consulting firm. “Suffice it to say, it's going to touch hundreds if not thousands of different points of business, and not only in the U.S. It's a nightmare, there's no doubt about it.”

Phone lines at DLA Piper were down on the day of the attack across Europe and the U.S. According to media reports and a photo tweeted by Politico reporter Eric Geller in Washington, DC, employees were instructed not to turn on their computers and to unplug their laptops from the network.

“All network services are down,” a whiteboard read in what appeared to be the firm's Washington lobby.

A DLA Piper spokesman confirmed the firm had been the target of a possible malware attack that had affected a large number of organizations across the globe, including pharmaceutical giant Merck & Co. Inc. See, “DLA Piper Statement on Malware Attack.”

“The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” said the statement. “We are taking steps to remedy the issue as quickly as possible.”

Much like the WannaCry ransomware attack that spread throughout the globe in mid-May (see, “Will Ransomware Attack Make Law Firms 'Wannacry'?,” in our June issue, the new round of attacks uses the Petya virus and reportedly requests a payment of $300 in Bitcoin in order to obtain a “decryption code” that may unlock an organization's files. See, “WannaCry Some More? Petya Bitcoin Ransomware Attacks,” The Cointelegraph.

While security experts were still scrambling to determine the extent of the encryption or any other damage levied by the newest batch of ransomware, at least 27 organizations appeared to have paid the ransom as of early June 27, according to a blockchain transaction record.

In response to being hit by ransomware, Sweeney says firms should perform a detailed investigation of their systems involving forensics professionals to determine how the ransomware attack entered their network. Part of that investigation should include attempting to mitigate any more damage that could occur.

The best-case scenario in some ransomware attacks would be having an incident response plan in place that involves an off-site server back-up that could potentially restore the systems' computers, says Robert Rosenzweig, another cybersecurity expert and national leader of the cyber practice at insurance brokerage Risk Strategies Co.

LogicForce's Sweeney commended DLA Piper for issuing a public statement about the ransomware attack, something few law firms have done or been forced to do.

“Can they circumvent whatever's been done to their systems and get back online? I don't know. That would be the best option,” Sweeney says.

One bit of fallout from the attack may be a renewed interest from law firms in purchasing cybersecurity insurance. See, “Amid Hacking Threats, Law Firms Turn to Cyber Insurance,” The American Lawyer (March 21, 2016). A study by LogicForce released on the same day as the DLA Piper attack (see, “Law Firm Cyber Security Scorecard“) shows the ubiquitous risk of hacking for law firms states that 23% of firms polled had cybersecurity insurance policies. (The company surveyed more than 200 firms and found that all had been subjected to hacking attempts, while 40% of those attempts were successful. What's more, the 40% of firms who had been hacked were unaware of it, according to the report. Sweeney said DLA Piper was not included in his company's survey.) Those cybersecurity insurance policies will pay for direct expenses associated with a hack, such as the cost of the ransom; hiring forensic investigators; and bringing on a legal team to advise the firm of its potential risk.

For damage done to clients as a result of a firm losing its ability to service them or their confidential data getting into the wrong hands, it is possible a firm would have coverage under a more traditional legal malpractice insurance policy, Rosenzweig says. He says a “business interruption” component in a cybersecurity policy may also provide some relief, but added that a loss of a law firm's ability to service its clients due to a cyber breach could have long-tailed repercussions.

“The risk and the potential for a complex and expensive loss is a lot more significant,” Rosenzweig says.

The increased risk of ransomware attacks may also cause more law firm clients to perform cybersecurity audits as part of their hiring process, says LogicForce's Sweeney. His firm's report states that 34% of firms reported undergoing a cyber audit from a client, and LogicForce expects that number to grow to 65% by 2018.

“More and more clients are demanding these audits,” Sweeney says. “And quite frankly we're seeing some law firms losing business because they can't comply with the audit.”

***** Roy Strom, based in Chicago, covers the business of law for ALM, with a focus on how the Big Law business model is changing. He can be reached at [email protected]. On Twitter: @RoyWStrom.