I recently read an article by Sharon Nelson and John Simek, of Sensei Enterprises, Inc. Sharon and John are well known legal technology security experts. When Sharon and John say, “[in] light of the new threats, we believe law firms need to take ransomware much more seriously than they have in the past,” I believe them. You can read their article here.
We do not handle law firms’ firewalls, anti-virus, or backups. That isn’t our business. But, every law firm we work has to deal with all of the issues that affect the security of their data. Over the past 5 years, we’ve had at least a dozen, likely more, firms who have been hit by ransomware and have had to recover. Here are some of our observations:
- Those that had virtualized servers (VM), which were backed up at least once a day, had the easiest times recovering. Simply strip the servers down to bare metal, and then reinstall the VMs. Most of those firms were up and running within a day, some within a few hours. If you aren’t setup using virtual servers, you should be. Contact your IT company and see what it would take to make this happen. If you are going to upgrade servers in the future, insist on VMs.
- Those that had non-VM backups eventually recovered most of their data, but it took a lot longer, most often weeks instead of hours or days.
- Those that didn’t have backups had to chose to pay the ransom. Both firms were successful in getting the documents back. One paid several thousand dollars, the other around $7,000. Payment was made in Bitcoin which took a while to obtain.
- We had at least one client that lost all their data as they didn’t have a backup.
One option firms have to avoid ransomware is to host their data in the cloud. This can be done using SaaS applications like NetDocuments, Centerbase, Actionstep, Soluno, etc. Or you can use “desktop as a service” or DaaS providers, where premise-based software like Time Matters, PCLaw, and the like, are hosted in the Cloud and each user accesses a desktop environment to use the programs.
With respect to DaaS and ransomware, one purported advantage of this type of environment is that they handle all the security. Yet, we have had at least 3 firms using DaaS get hit by ransomware. 2 were down at least a week as the company restored the data, and the other never got their data back. Yeah, it was as terrible as it sounds.
The lesson for firms using DaaS or SaaS is that if you have data in the cloud, you should make sure it is safe and have some redundancy setup. For example, NetDocuments provides a service call ndMirror where all document are mirrored to a local drive. Actionstep provides a periodic SQL data dump to a local server. Time Matters users can set up SQLBackupAndFTP, an inexpensive program that easily backs up the Time Matters SQL database to a Dropbox or other Cloud repository. Anyone running SQLBackupAndFTP could have their Time Matters up and running within a day, if not within a few hours. We wrote an article about it a while ago.
w2o548