Ransomware and Rootkit have the potential to affect us all. Law firms are particularly high-value targets, given the sensitive nature of the client information they possess. The InfoSec Institute “Ransomware Attacks on Law Firms” report suggests that law firms may be targeted in ransomware attacks because they are deemed more likely willing to pay ransom to avoid the damage to their reputation that would follow an incident in which they failed to protect clients’ sensitive information.
Let’s Start With Definitions
What is ransomware?
Ransomware is a type of malicious software (“malware”) designed to block access to a computer system, applications or files until a sum of money is paid – typically demanded in bitcoins, an untraceable currency. Content may be encrypted, for example, and the perpetrators provide a decryption key in exchange for ransom money. Ransomware is an escalating, increasingly sophisticated threat—and no one seems to be immune.
What Is A Rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) while at the same time masking its existence, or the existence of other software.
A rootkit operator can take control over a computer system without the computer system user knowing about it. The owner of the rootkit is capable of executing files and changing system configurations on the target machine, as well as accessing log files or monitoring activity to covertly spy on the user’s computer usage.
To prevent a ransomware attack and rootkit, experts say IT and information security leaders should do the following:
• Keep all software up to date, including operating systems and applications.
• Invest in anti-spam software for email.
• Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
• Back up all information to a secure offsite location.
• Segment your network: Don’t place all data on one file share accessed by everyone in the company.
• Train staff on cybersecurity practices, emphasizing that they should not open attachments or links from unknown sources.
• Develop a communication strategy to inform employees if a virus reaches the company network.
• Perform a threat analysis in communication with vendors to go over cybersecurity throughout the lifecycle of a particular device or application.
• Instruct information security teams to perform penetration testing and do social engineering to find any vulnerabilities.
How To React When Ransomware Or Rootkit Is Detected
In case you find that your computer has been locked by ransomware, you should take the following steps:
• If the attacked computer is part of a network, remove the infected system from the network
• Create a copy of your disk or the impacted files for analysis later on, which may be needed for decryption of files.
• If a healthy system restore point is available, see if you can go back and see if that works for you.
• If recent backups of data are available, even better. Format and clean reinstall Windows and restore backed up data to make a fresh start.
• Boot into Safe Mode and run antivirus software deep-scan and hope that it is able to disinfect your computer. Chances are it won’t, but no harm in trying.
• Next, identify the Ransomware which has infected the computer. For this, you may use a free online service called ID Ransomware.
• If you are able to identify the ransomware, check if a ransomware decrypt tool is available for your type of ransomware. Then take the help of one of these ransomware decryptor tools which are presently available.
• If the Ransomware totally blocked access to your computer or even restricted access to select important functions, use Kaspersky WindowsUnlocker as it can clean up a ransomware infected Registry, and gives you access back.
How To Remove Rootkit
There are different approaches and really no single foolproof method, neither is it guaranteed that the rootkit will be fully removed. As a matter of fact, there are some computer security experts who simply recommend formatting the drive and completely re-installing the operating system.
Law firms retain important trade secrets, corporate and financial information about their clients. In today’s increasingly risky cybersecurity environment, every law firm must make efforts to understand the risks posed by ransomware and rootkit attacks, and take steps to reduce risk.