The Florida Bar

Florida Bar News

Prepare now to thwart ransomware attacks

Senior Editor

'Criminal actors definitely target law firms. We need to focus on this risk, because it’s not going away'

For weeks, a New York law firm chatted up an upcoming office soiree on its Facebook page.

The day after the party, the office manager received an email from her managing partner praising the wonderful turnout – and instructing her where she needed to wire $150,000.

She did, the email was a scam, and the firm lost $150,000.

“Law firms are actually stalked online,” warns Brian Butterfield, managing partner of the South Florida firm Microtech Computer Services. “You have to be careful about your social media presence.”

Butterfield, whose South Florida firm provides IT and cybersecurity services to law firms, was one of three expert panelists in the June 25 ABOTA Ft. Lauderdale technology seminar, “Cyber Security: Legal Edition.”

Subtitled, “Dealing with Emerging Threats to Clients, Lawyers and Firms,” the free 1-hour and 45-minute panel discussion is certified for two CLE Technology credits. A video is available at “”.

Law firms may not be prime targets of state actors, like Russia or North Korea, but they are considered “low-hanging fruit” in a cyber landscape estimated to contain 10,000 security threats, Butterfield said.

“Right now, in a personal injury firm, you have so much protected information in your system that’s worth so much money on the dark web,” Butterfield said.

Joining Butterfield on the panel were former U.S. intelligence expert Bruce Spector, now chair of Baltimore Cyber Range, LLC, and Robert D. Reynolds, president and CEO of Morris & Reynolds Insurance, one of the oldest and largest independent agencies in Florida and a provider of cyber liability coverage.

The recent ransomware attack on Colonial Pipeline was part of an alarming trend, Reynolds said.

Today’s average ransomware payment of $310,000 has zoomed 171% since 2019, and between 2019 and the first quarter of last year, the number of reported ransomware demands increased 100%, he said.

That is likely an underestimate because many victims, fearing “reputational damage,” don’t report attacks, Reynolds said.

“Criminal actors definitely target law firms,” he said. “We need to focus on this risk, because it’s not going away.”

Spector said 86% of ransomware attacks begin with “phishing,” where cybercriminals persuade someone to click on a virus-laden email link.

For that reason, law firms should have data management procedures and cybersecurity training tailored to upper-level managers, associates, and lower-level employees, he said.

“There is not one magic thing that will solve your security problems,” he said. “Look at the various parts of your firm … first and foremost, it’s your personnel. Eighty-nine percent of your risk is going to come from your people.”

Butterfield said he arranges to perform “pen” or penetration tests on his law firm clients. The employee who is caught clicking on a dangerous link is sentenced to further training, he said.

“That’s not to call anybody out, that’s not to bring anybody to the woodshed,” he said.

No firm can become completely immune, and managers should think about a worst-case scenario, Butterfield said.

“You don’t want to wake up and have your data encrypted and not know what to do,” he said. “Backup, I cannot stress it enough.”

Backing up a firm’s data on the same system that manages the daily data flow is not a true backup, Spector said. Law firms should have three copies of their data, and one backup should be offsite.

Ransomware attacks are not only proliferating, they’re growing more sinister, Reynolds said. Criminals now threaten to expose the data publicly on an “extortion site” if the victim refuses to pay.

“At the end of 2019, there was one ransomware group that had an extortion site online, publicly available,” he said. “Now today, there are at least two dozen.”

The experts agreed that cyber insurance is a good idea, but not as a sole means of addressing the risk.

Because the cyber insurance market only came into existence in the 1980s, there is little standardization in the industry and coverages vary, Reynolds said. Premiums are rising with the risk, he said.

“The general commercial marketplace is difficult and going through a cycle,” he said. “That will typically level off in a couple of years. Risk management, to me, is the key.”
