Ransomware hackers pose threat to B.C. law firms

Computer hackers hold a law firm's files hostage and demand a ransom: if it sounds like a plot dramatic enough for a TV series, that's because it was.The Good Wife devoted an episode to the problemofransomwarelast fall.

But according to the Law Society of B.C., three real-life B.C.law firms have fallen prey to hacking blackmailers in the past year - the latest just days before New Year.

One even paid moneyto get back control of their files, which had been restricted by hackers using malware to infect thecomputer system until the firm paid up.

So how should firms deal with ransomware attacks? And should they tell their clients? Not necessarily, says aspokesperson for the Law Society, who told the CBC no data was compromised in these events.

"It is our advice that duty of confidentiality owed to a client includes notifying them if that duty may have been breached, but its important to note that data is not necessarily breached in these cases, and client files have not been accessed," said spokespersonRyan-Sang Lee.

"Indeed, we understand that this type ofmalwareoperates by encrypting the software on the host computers and does not result in the transmission of the data outside the law firm to any party."

But president of Vancouver-basedNeoCode software Joshua Paul,who has advised clients on how to deal withransomware, said if hackers can access a firm's information in order to encrypt it or destroy it, there's no telling what else they might have done with it.

"If they had access to the file system to encrypt it in the first place, they'd be able to access thecontent of the files," he said. "But there's no financial benefit."

Restricted files would be 'irrevocably broken'

The Law Society issued a notice to its members about the latest ransomware attack, using malware called Cryptowall, on New Year's Eve.

Employees had arrived at work on Dec. 29 to find notices on the company's computer monitors warning their files had been locked and encrypted.

The firm, which has not been identified, was told if a fee wasn't paid within a stipulated time, the files would be "irrevocably broken."

The companyhad a backup of the files and refused to pay the ransom. The incident was reported to police, who said the attack likely came through a virus transferred by email.

The Law Society issued a similar warning last year, after two other B.C.firms were targeted, one of which paid the ransom.

Ransomwarehackers typically ask for amounts ranging from $200 to$400 inBitcoins, a digital currency which cannot be easily traced by authorities.

And B.C. is not alone in being targeted by ransomwarehackers. In 2013, apolice departmentin Swansea, Mass. admitted to paying a ransom to get their files unlocked.

And last year,a lawyer in Charlotte, N.C. said he lost an entire cache of legal documents despite an attempt to pay $300 blackmail.

Who should firms notify about hacking?

B.C.'s Information and Privacy Commissioner said her office has received no word of any of the attacks on law firmsand reportingis voluntary for private firms.

However,the commissioner has recently proposedan amendment to the Personal Information Protection Act for mandatory breach notification.

As for clients, Joshua Paul, president of Vancouver-basedNeoCode software, believes it should be the firm's responsibility to notify customers about computer hacks.

"You've hired them to protect your confidential data ...It's actually not their data. That was my data that was breached or my data that was encrypted or my data that was destroyed," he said.

Ontario-based legal technology expert David Whelansaidransomware attacks aren't about hackers trying to access personal data.

"You might want to notify [clients]that you have this event," he said. "I'm not even sure that I would say it's a breach."

Whelansaid many Canadian lawyers work out ofsmall offices without highlysophisticated IT departments and advises concernedclients ask a lawyer the following questionsbefore retaining counsel:

• How do you deal with technology and how are you going to protect my files?
• How do you deal with things like passwords and ransomware attacks and phishing?
• What have you done proactively to prepare for those things?