“Our probably fastest-growing sector right now is the legal sector” J. Paul Haynes, eSentire’s CEO


Ransomware is a type of malware that restricts users’ ability to access their computers or data and demands money to release it. Specifically, in a large law firm setting, ransomware can prevent litigators from accessing motions on a deadline, trial lawyers from obtaining key documents needed for preparing arguments, transactional lawyers from communicating with clients during the closing of multibillion-dollar deals.


Ransomware targets vulnerabilities that exist in computer networks and software like Microsoft Windows or other Windows administrative tools. Once a computer is infected, the ransomware spreads rapidly across the organization’s network. The ransomware encrypts confidential documents and then demands a ransom, typically in Bitcoin, in exchange for a digital key to unlock the files. 1

eSentire is a Canada-based cyber security company that has seen a spike in investments and its clientele over the past three years. eSentire states that one of the sectors that it saw a surge in clientele is in the legal industry. eSentire’s increase in law firm clients is because of cyber attacks that have plagued the law firms in recent months. Recently, law firms have experienced some targeted ransomware attacks that have been designed to capture clients’ data or disrupt services at the firm. Because of increasing attacks, clients have pressured law firms to improve their cyber security.


Clients have grown increasingly nervous after DLA Piper, one of the world’s largest international law firms, was a victim of a ransomware attack. The ransomware resulted in the international law firm having to shut down operations and work from their cell phones temporarily. The ransomware was designed to lock firms out of its computers and requests a payment of $300 in Bitcoin to obtain a “decryption code” that unlocks the firm’s files. DLA Piper has not stated whether it paid the ransom but does say it was able to isolate the ransomware by shutting down its systems and working with forensic specialists. The attack was a blow to DLA Piper because it holds its self out as a law firm with a specialty in privacy and security. The DLA Piper attack was the first time that a ransomware attack publicly crippled the daily operations of a large law firm.

Law firms are repositories of their client’s most sensitive information, which makes them likely targets for ransomware attacks. For example, one of the largest ransomware attacks resulted in the leak of information that is now known as the Panama Papers. During this leak, hackers targeted the large international law firm Mosack Fonseca and leaked 11.5 million emails, contracts, scanned documents and transcripts of celebrities and public officials.

Ways Law Firms Can Strengthen their Network Security

To ensure the safety of clients data, law firms should first hire a Chief Information Security Officer or outside cyber security firms, such as eSentire, so that the firm’s network traffic, systems, and IT infrastructure are being monitored, which will help uncover breaches and neutralize cyber attacks.

Law firms should continually update and patch all company software, like Microsoft Office, so that ransomware cannot target this vulnerability. Firms’ IT departments should work closely with the Chief Information Security Officer or outside counsel to ensure that network systems and software are up to date. The Chief Information Security Officer or outside counsel should consider working with hacker firms to test the companies’ cyber security protocols annually.

Firms should provide training to its employees so that they have the skillset to be best able to recognize potential cyber threats. Employees should be regularly updated and tested for their ability to identify suspicious materials. For examples, many corporations randomly send out suspicious emails to various employees to test their ability to recognize potential threats.

Firms should require employees to use password generators or password strength gauges when developing passwords, to help prevent hackers from taking advantage of weak passwords. Many organizations such as the National Institutes of Health require badges and passwords to be used in combination to access computer systems. This method would prevent outside hackers from using employees’ passwords to access company data remotely.

Firms should apply the 3-2-1 back up storage method to help protect against ransomware attacks. The IT department should set systems so that data is backed up and stored in two separate mediums within the firm and one air-gapped copy (offline) should be stored offsite. Ransomware attacks can result in files being damaged or held hostage, so having backed up versions of your data will help your firm continue business as usual as the repairs to the system are being done.

Finally, Firms should purchase cyber security insurance to help handle with the mitigation of potential losses from the cyber-attack. Cyber security insurance will require the adoption of pre-emptive measures, along with an implementation of best practices. Cyber incidents are often excluded from general commercial liability and property insurance policies, leaving firms to pay out of pocket for data “destruction, extortion demands, crisis management, legal claims for defamation, fraud and privacy violations.”2

1. Aristedes Mahairas, a special agent in the cyber division of the New York City’s FBI field office, reported that ransomware attacks have increased, resulting in law firms having to pay ransoms for its clients’ confidential information.

2. Cybersecurity Insurance, Homeland security, (August 26, 2017) https://www.dhs.gov/cybersecurity-insurance.