Risk Update

Ransom Risk — Seyfarth Shaw Hit with Ransomware Attack

Posted Dan Bressler

International law firm Seyfarth discloses ransomware attack” —

  • “International law firm Seyfarth Shaw announced on Monday [October 12] that it was the victim of a ransomware attack over the weekend… The incident occurred on Saturday, with the company describing it as a ‘sophisticated and aggressive malware attack.’ The timing is typical for cyber attacks, ransomware in particular, as companies have fewer employees working weekends.”
  • “In its notification about the attack, Seyfarth Shaw says that as far as they know, ‘a number of other entities were simultaneously hit with this same attack.'”
  • “The company states that its monitoring systems caught the unauthorized activity and the IT department was quick to stop the spread.”
  • “‘Our clients remain our top priority, and we will continue to do everything necessary to protect their confidential information and continue to serve them. We are coordinating with the FBI and are working around the clock to bring our systems back online as quickly and safely as possible'”

Firm Statements on the Matter:

  • October 19: “All of the firm’s critical systems are now restored and fully operational, and we remain confident that none of our client or firm data was accessed or removed. We continue to work with leading forensics experts to complete the forensic investigation of the incident.”
  • October 15: “After locking down our systems over the weekend, our team of experts has worked tirelessly the past few days and done everything necessary to protect our clients’ and our firm’s confidential data and prevent its destruction and removal. We still have no evidence that any client or firm data was either accessed or removed. We are now in the restoration phase and have been able to bring our email system fully back online. We will continue to work through the weekend, and, based on the progress we have made so far, we expect to have full restoration of all of our critical systems by early next week.”
  • October 13: “Our team continues to work around the clock to resolve this incident. As reported earlier, we have found no evidence that any of our client or firm data was accessed or removed. We will update this page as we have more information. Thank you for your continued patience.”

Seyfarth Cyberattack Spotlights Gaps In Law Firm Security” —

  • “In Seyfarth’s case, the firm was able to stop the attack soon after detection, but not until after many of its systems, including email, were encrypted by malware, according to the firm. Such encryption means Seyfarth cannot access its files without the decryption keys, and the firm either has to pay the attacker to regain access or restore its data from a backup.”
  • “A September report by Coalition, one of the largest providers of cyber insurance services in North America, showed that the first half of 2020 has been particularly hard for many organizations, with 41% of all claims paid out related to ransomware attacks, noted Anne Hasenstab, an Oregon-based executive risk practice leader for Ward Insurance.”
  • “Coalition’s report also showed that the frequency of ransomware attacks against its policyholders rose 260% in the first six months of 2020, while the average ransom demand increased 47% from previously recorded numbers.”
  • “The shift to remote work — and the increased dependence on online technology — means that when systems are held hostage, ‘it does put companies at a significant level of misery,’ Hasenstab said. She and other experts encourage law firms to incorporate infrastructure changes into their cybersecurity policies, considering the technical differences when conducting assessments or testing.”
  • “As for how to prevent cyberattacks, Hasenstab recommends that law firms of all sizes implement multifactor authentication for important information and create ‘a culture of inclusion’ that puts cybersecurity in the firm’s risk management portfolio, including cyber insurance.”