British law firms called on to arm themselves against ransomware

The UK’s National Cyber Security Center (NCSC) has called on law firms in the country to arm themselves against ransomware. In 2021, eighteen law firms informed the British regulator SRA that they had fallen victim to a ransomware attack. Documents from 60 court cases were stolen from one law firm and then published on the Internet. The law firm was fined 114,000 euros by the British privacy regulator last year. How the attackers gained access to the law firm’s systems is unknown, but a known vulnerability may have been exploited. A security update for this vulnerability appeared in January 2020, but the law firm did not install the patch until June of that year. According to the NCSC, many law firms, especially smaller firms and independent lawyers, use external IT suppliers. This makes it difficult for these firms to determine whether the solutions offered are sufficient for the threats they face. “A small law firm with few resources can be devastated by a ransomware attack,” the NCSC said. The UK government agency advises law firms to make regular backups of important documents, keep software up to date, carefully monitor what software is allowed on the network, limit remote access, install antivirus and create a recovery plan to act in the event of an attack.