WatchGuard Blog

Endpoint protection offers an anti-ransomware measure for legal firms

Share on LinkedIn Share on X Share on Reddit

For legal professionals, digital transformation also delivers significant benefits. Integrating technologies such as e-signatures, automating contract creation, Cloud-based collaboration tools, AI-powered documents, clause and contract review tools, and Cloud-based services are boosting the competitiveness of law firms in the post-pandemic world. 

However, these technological advantages for legal professionals can be threatened through exposure to cybercrime.  

Cybersecurity: a growing concern for the legal profession 

According to data published by Forbes, the legal sector received an average of 636 attacks per week in 2021, an increase of more than 68% compared to the previous year. 

For law firms, a breach not only means risking losing a client but can also do serious reputational damage. This adds to the high financial risk involved. Law firms handle sizeable amounts of valuable data that can prove very profitable for cybercriminals. The fact that much of this data is sensitive is a way of exerting pressure. As well as encrypting files, hackers sometimes upload information to their servers beforehand and threaten to publish this confidential data in case of non-payment. This why law firms are more likely to pay the ransom or meet the malicious cyber actor’s demands if they are hit by a ransomware attack.  

According to a study conducted by Capterra, 69% of law firms that were victims of ransomware attacks in the US paid the ransom, out of which 65% were able to regain access to their data, which shows that paying the ransom does not guarantee that stolen information will be recovered. Furthermore, according to data collected by ENISA in a study analyzing reported cases of ransomware in the EU, UK and US between May 2021 and June 2022, 10 terabytes of data were stolen each month. In 37.88% of cases the stolen data was compromised.  

The ransomware lifecycle 

The ransomware business is highly profitable. It is estimated to be worth more than six billion euros a year and this trend continues to grow.  In order to explain how ransomware works, here is a breakdown of the stages threat actors follow: 

  • Initial access: the attacker gains access through password theft, brute force, a software vulnerability or by impersonating a user. Once inside the system, the hacker will attempt to discover critical identities to obtain login credentials to gain access and evade conventional protection measures.
  • Consolidation and preparation: once they have gained access to the network, hackers either enter with malware containing a package of all the tools needed for the attack or download the tools they need after the intrusion. 
  • Lateral movement and privilege escalation: in this phase the perpetrator escalates the attack by moving around the infrastructure to find out how to extract critical data while bypassing security layers and gaining additional privileges.
  • Impact on the victim: once the primary protection of the system is disabled, the malicious cyber actor attempts to exfiltrate sensitive data from the endpoint, destroy the organization's backups, and finally encrypt the system and data. 

Protecting the legal signature endpoint  

Law firms need to have solutions in place that ensure network visibility and over which they have full control in order to mitigate threats. The best defense against advanced attacks is prevention, detection and timely response, in other words, the attack chain needs to be broken. But how can my endpoint security solution achieve this?  

  1. First of all, it will block malicious emails and prevent access to unknown malicious URLs by closing this entry route. 
  2. If a threat actor is not blocked and the user accesses the malicious site, the tool will block the hacker using its anti-exploit technology, which prevents access through a vulnerability, either known or unknown.  
  3. In the worst-case scenario, if the hacker manages to place ransomware on the device, the tool will prevent the malware from being downloaded, either by checking against local generic signatures and analyzing the file with heuristic technologies or by querying collective intelligence in the Cloud. The eBook Understanding Cyberattacks explains this topic in more detail. 
  4. If ransomware is downloaded and attempts are made to execute it at the endpoint, the Zero-Trust Application Service identifies the binary as unknown and prevents execution.  
  5. If the hacker takes control of an endpoint and employs "living-off-the-land" techniques, context-based detection technologies will block any attempt to misuse system tools. 

For legal professionals who do not wish to be seen as negligent, ransomware protection has gone from being an option to a recommended practice through using an advanced endpoint security solution to protect their firms, clients and reputation. The eBook Escape the Ransomware Maze discusses all aspects of this type of attack and outlines what you can do to defend your firm against this threat.