A barristers' chambers hit by a ransomware attack has responded by getting a court order demanding the criminals do not share their stolen data.
|Is a court order and privacy injunction the way to fight ransomware?|
We've previously written about ransomware on the Alpha Legal blog. Ransomware is evil - hackers deliberately encrypt files and data and only make them accessible by decrypting after a ransom has been paid. Worst still, hackers often now demand two ransoms - the second as a blackmail payment to prevent them from posting the stolen data on the web for all to see.
The Lawyer website reports that 4 New Square Chambers, which counts IT dispute experts among its staff, obtained a privacy injunction from the High Court at the end of June against "person or persons unknown" who were blackmailing the firm. The hackers, who targeted the firm a month ago, were demanding a second ransom to expose all of the stolen data. This could be catastrophic for the firm involved.
At Alpha Legal, we are aware that email is often a point of entry for ransomware. We urge all businesses, especially those in the legal sector, to avoid using email for sensitive data exchange. Emails are simply not secure enough and email servers are prone to attack. Once compromised, a hacked email server is an easy route in for hackers to exploit and a ransomware attack is often the result.
Apply for an injunction is an interesting tactic but it is difficult to see how it could work. These are criminals, after all, and the very act of demanding the ransom payment is surely demonstration that the injection will simply be ignored? This is going to be an interesting story to follow and we'll blog again if the outcome of this sorry tale becomes known.
(the original story was posted by theregister here: https://www.theregister.com/2021/07/06/ransomware_4_new_square_chambers/)