One of the foundation elements of a law firm is the concept that clients entrust their secrets to be held in confidence. So, it makes sense that the data stored at legal firms can contain information that neither the firm nor its client want to be made public. That makes it the perfect target for Maze ransomware. Its modus operandi is to combine data exfiltration with encryption, and to threaten to publish the stolen data should the ransom not be paid, doubling the pressure to pay. Law firms are squarely in the crosshairs of a scenario they never want to find themselves in.
The good news is the bad guys – like Maze and DoppelPaymer, REvil, and others – all need access to your network and use phishing attacks as their attack vector. That means you have a known method of entry and can take specific precautions to shore up security there. This includes:
- Disable macros – and keep them disabled. Often, a macro within an office document attached to an email is the delivery mechanism. But with macros disabled, there’s no ability to launch the code, leaving the malicious attachment benign.
- Scan your email – using a layered approach, leverage multiple solutions that scan email for malicious attachments, links, etc. This includes email gateways, endpoint-based anti-malware, and endpoint protection solutions.
- Train your users – to be wary of suspicious, unusual, or otherwise out-of-the-ordinary emails via Security Awareness Training. Literally anything that seems out of place at all or uses language that denotes an elevated level of urgency should be a red flag for at least some degree of additional scrutiny.
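Keeping macros disabled means more than clicking the option once: Office reads its macro behaviour from a policy registry hive, and a value set there cannot be undone by a user clicking "Enable Content". The script below is an added example, not part of the original post, showing the weak setting beside the hardened one and auditing the result. It assumes Office 2016/2019/M365 (policy key version 16.0) and the well-known `VBAWarnings` and `blockcontentexecutionfrominternet` values; at scale the same values would be delivered through Group Policy or Intune rather than a script.

```powershell
# Added example (not from the original post): set and audit the Office policy values that
# disable VBA macros so that the "disabled" state survives a user trying to re-enable them.
# Assumes Office 2016/2019/M365, whose policy key version is 16.0.

$Apps   = 'Word', 'Excel', 'PowerPoint'
$Policy = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# VBAWarnings meanings:
#   1 = enable all macros                      (weak: the attachment's code runs as-is)
#   2 = disable with notification              (Office default: user can click "Enable Content")
#   3 = disable all except digitally signed
#   4 = disable all without notification       (hardened: nothing to click)
# blockcontentexecutionfrominternet = 1 additionally blocks macros in files marked as
# downloaded from the internet, which covers email attachments saved to disk.
$Weak     = @{ VBAWarnings = 1; blockcontentexecutionfrominternet = 0 }   # shown for contrast only
$Hardened = @{ VBAWarnings = 4; blockcontentexecutionfrominternet = 1 }

function Set-MacroPolicy {
    param([hashtable]$Values = $Hardened)
    foreach ($app in $Apps) {
        $key = Join-Path $Policy "$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $Values.Keys) {
            New-ItemProperty -Path $key -Name $name -Value $Values[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-MacroPolicy {
    # One row per application; Compliant is $false when the policy is missing or weakened.
    foreach ($app in $Apps) {
        $key     = Join-Path $Policy "$app\Security"
        $current = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App           = $app
            VBAWarnings   = $current.VBAWarnings
            BlockInternet = $current.blockcontentexecutionfrominternet
            Compliant     = ($current.VBAWarnings -in 3, 4) -and
                            ($current.blockcontentexecutionfrominternet -eq 1)
        }
    }
}

# Apply the hardened policy and show the audit result; re-run Test-MacroPolicy on a schedule
# to catch drift (a missing key or a value reset to 1 or 2 shows up as Compliant = False).
Set-MacroPolicy -Values $Hardened
Test-MacroPolicy | Format-Table -AutoSize
```

`Test-MacroPolicy` is the part worth keeping: run on its own it is a read-only check that tells you whether the "keep them disabled" state still holds on a given workstation, which is the evidence an incident responder wants before trusting that a macro-laden attachment could not have executed.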