Last March, attorney Jeffrey Wicks was being held at digital gunpoint. Wicks—head of a small firm handling criminal defense and civil and family law cases in Rochester, New York—was being extorted by cybercriminals who were holding his firm’s data for ransom.
Wicks had apparently opened an email attachment that locked down his computer and his firm’s network. The data was encrypted, and the hackers were demanding 20 bitcoins in return for the decryption keys to unlock the firm’s files. At that time, one bitcoin was worth about $1,200, meaning the cybercriminals were demanding about $24,000 for the safe return of Wicks’ data. (At press time, the bitcoin value was more than $11,000.)
After a few rounds of negotiations, Wicks ended up paying $5,000 for the network’s data. (He refused to pay for the locked data on his computer and lost two years’ worth of information.) He also had to spend $10,000 in IT fees and $5,000 for new equipment. Thanks to the foresight of his office manager, who had insisted that the firm have cybersecurity insurance, the $20,000 was covered by the insurance company.
Cyberattacks are on the rise, both in the number of incidents and the costs associated with the attacks. According to the ABA’s 2017 Legal Technology Survey Report, 22 percent of responding firms had been breached—an increase of 8 percentage points from the previous year’s survey.
This article was submitted by Jonathan T. Armiger, Armiger Law. If you would like to submit content or write an article for the E-Discovery, Information Governance & Cybersecurity Section, please email Kara Sikorski at firstname.lastname@example.org.