Some law firms in the Triangle were among the 2,500 firms nationwide that use TrialWorks Case Management Software and received the below message by email Oct. 13 alerting them to the case management software hack.
TrialWorks is a South Florida software company that manages electronic records for law firms of all sizes. The ransomware attack restricted access for over 5 percent of their customers.
“Reams of digital legal documents have been held hostage,” reported the Miami Herald.
RECORDS INACCESSIBLE FOR WEEKS
Some of TrialWorks’ customers were forced to request the courts to extend the deadline for providing case documents. At least one of the affected firms was unable to access its records for over two weeks. A Florida law firm was forced to request more time to meet a filing deadline in a gender-discrimination employment case in federal court because it could not access its electronic documents stored with TrialWorks. Luckily, an extension was granted. Though the company appears to have hired a cybersecurity consulting firm to assist in recovery efforts, it remains unclear whether TrialWorks paid the requested ransom or whether the company employed a managed security services provider (MSSP) for risk mitigation, data security protection, and/or business continuity services.
On Oct. 15, TrialWorks announced that the threat was completely eradicated from its systems and its staff was “actively decrypting and restoring data.” The announcement suggests that the company obtained in some way the decryption keys to restore the files, likely after paying the ransom.
PREVENTATIVE MEASURES FOR YOUR FIRM
Every breach offers lessons about how to prevent future attacks and how to safeguard your firm. At the risk of sounding like a broken record, it’s not a question of if your firm’s system will be breached, it’s a question of when.
For your firm’s own safety and security, I suggest that you back up your files to someplace in addition to what you have with the software management company. This will avoid significant downtime in the event they are hacked.
Trialworks began alerting its customers with the message above. In the event you are using a third-party service like this one and you get a similar message, there is little you can do after the fact. So, unless there are proactive measures in place, it may be too late to do anything.
Accordingly, your firm should vet a software storage company before you do business with them by asking for a copy of their security risk assessment, pen test and other third-party audits. Your firm needs to demand proof that all the above is actually being done.
The TrialWorks attack again brings to the national spotlight the growing trend of ransomware attacks aimed at the massive quantities of protected digital information in cloud storage systems. Now is the time for providers of cloud services (and their customers) to become hypervigilant of security procedures and data protection.
If you are not fluent in computer speak, a cybersecurity firm like mine can help you review answers from a software storage company (or any provider of computer services used by your firm) and advise you if their systems provide sufficient protection. Craig A. Petronella