I recently wrote a blog about the terrifying ransomware trend, including stories about some of the major headline cases we’ve seen in the past few years. (The University of Calgary ransomware experience was chilling.) Many law firm IT professionals are asking themselves, "How can I prevent ransomware at my law firm?"
So I wanted to see first-hand what IT professionals at law firms are doing about ransomware. I called up an IT friend at a law firm where my company has provided trainings and asked him if I could visit and discuss ransomware attacks at law firms. I wanted to know if the problem is truly as invasive as the media make it sound. (Lord knows the media have gotten a few things wrong of late!)
My friend agreed. However, I’m going to keep his name and his firm anonymous; why risk more exposure to cybercriminals?
This friend, we’ll call him Dave, said that his firm faces ransomware and phishing attacks every day! Every single day, he must assure that his security systems are thwarting cybercriminals who are using every trick and hack they can imagine to attack his firm. Their quest? To get their hands on the firm’s sensitive materials, client documents, personnel files – anything that they can exploit to their advantage.
Dave says that he employs a hardware firewall and malware/antivirus software in his defenses. He knew that Savvy offers a Ransomware simulator tool, so we decided to test it against his defenses and see what we learned. Luckily, we learned a lot.
Dave was eager to discover the weaknesses in his system. So, he downloaded the simulator tool and ran the test. (He said, and I quote verbatim, “That was extremely easy to use.”) And he received the following report:
Overall, it was good news! Dave’s security measures are working well against three types of Ransomware scenarios:
Replacer: Replaces the content of the original files. A real ransomware would show a message that fools users into thinking they can recover them.
StrongCryptor: Encrypts files using strong encryption and safely deletes the original files.
StrongCryptorFast: Encrypts files using strong encryption and deletes the original files.
However, the simulator found 5857 vulnerable files and Dave discovered that his security system is vulnerable to two types of attacks:
StrongCryptorNet: Encrypts files using strong encryption and deletes the original files. It also simulates sending the encryption key to a server using an HTTP connection.
WeakCryptor: Encrypts files using weak encryption and deletes the original files.
Dave saw these results and said, “It appears we are more vulnerable to the less complex threats.”
As a result of this test, Dave said he plans to conduct “thorough penetration testing.”
Dave also said that, as part of his security enhancements in 2017, he’s going to train his firm’s employees to recognize phishing scams that can open doors for cyberhackers (and their ransomware).
“Absolutely, we hope to use Savvy for security awareness training in the coming months,” said Dave.
If you would like to test your security system against five different types of infection scenarios, please contact me today. You’ll have results in just a few minutes. From there, you can launch a stronger battle plan!