The legal industry: A vulnerable sector facing constant ransomware attacks

The legal industry: A vulnerable sector facing constant ransomware attacks

The legal industry - one of the most vulnerable sectors

One of the most vulnerable sectors to ransomware attacks is indeed the legal industry. These companies hold a vast amount of sensitive and important information that would not only be a problem if made public but could also bring the whole company to a halt.

Unfortunately, this sector is also one of the most frequently attacked by ransomware groups. In the last three years, when ransomware attacks have only intensified, companies in the legal industry have suffered more than 200 attacks worldwide.

The US and UK legal services industry - the most-attacked in 2022

According to recent research by NordLocker, in 2021, the legal services sector faced an unprecedented number of ransomware attacks, with a total of 109 incidents reported. This surge in attacks was part of a broader trend, as all industries experienced a record-breaking 2,703 ransomware attacks that year. However, the situation has shifted somewhat in 2022, with the number of attacks on the legal services sector decreasing to 52. Despite this reduction, the legal services sector still accounts for 2.3% of all ransomware attacks across various industries.

The infamous LockBit ransomware group has been identified as the primary perpetrator behind a majority of these attacks in 2022, with the group being responsible for 24 incidents.

The largest number of ransomware attacks occurred in the USA, with 36 attacks. This is not surprising, because the US is always the biggest target for ransomware groups. However, the next most-attacked countries are the UK (7 attacks), Belgium (2), Germany (2), and Argentina (1).

"This top five of attacked countries is not at all surprising. Yes, US companies are always the most attacked, but Belgium or Argentina being on this list proves that attackers don't pick and choose by country or industry. They just look for the easiest, most vulnerable link," says Aivaras Venvcevicus, head of product for NordLocker.

Firms with 11-50 employees were the most targeted, experiencing 18 attacks, while those with 51-200 employees faced 15 attacks. Smaller firms, consisting of 2-10 employees, were targeted seven times.

The largest victim of a ransomware attack in terms of revenue was a UK-based holding company with a core focus on legal services. Listed on the London Stock Exchange, this company generates close to $80 million in revenue. The second-largest affected company by revenue was a US-based law firm, with revenues nearing $39 million. Notably, both of these organizations fell prey to the infamous LockBit ransomware group.

In a particularly interesting case, a US-based law firm specializing in personal injury claims and securing billions of dollars in compensation for its clients was attacked twice in 2022.

Businesses can protect themselves against ransomware attacks

Vencevicius suggests the best actions to start with when implementing practices to protect businesses from ransomware:

- Encourage employees to practice proper file hygiene, encryption, and backups. File hygiene and backups can't stop cyberattacks, but they give the company leverage. Even if a company becomes a target for ransomware, the ability to restore data immediately will guarantee business continuity. And if the company keeps the files encrypted, the information will be unreadable to hackers.
- Encourage cybersecurity training. Investing in your employees' knowledge is the most cost-effective way to protect your organization from ransomware because 82% of cyberattacks happen due to human error. It should be organized regularly and have a holistic approach that includes every employee.
- Keep software up to date. Most cyberattacks either use social engineering to exploit the flaws in human nature or malware utilizing outdated software. Ensure everyone at the company understands the importance of keeping software up to date.
- Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.

Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period between 01/01/2020 to 30/04/2023.

Fred. Roeskestraat 115 1076 EE
Amsterdam, Netherlands

ABOUT NORDLOCKER
NordLocker is the world's first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN - one of the world's most advanced VPN service providers. NordLocker is available for Windows and macOS, supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. NordLocker protects files from hacking, surveillance, and data collection. For more information: nordlocker.com.

This release was published on openPR.