- a salutary tale from Danny Bedingfield, Infinitylaw trainer

Call it a cyber attack, hacking, phishing or bad luck – the result is the same if you fall for the con.

When the officer manager of a small legal firm clicked on what looked like an ordinary pdf attached to an email he unwittingly unleashed a trail of destruction. Within seconds a virus dubbed cryptolocker began systematically converting all the companies’ word files into mp3s.

Infinitylaw trainer Danny Bedingfield says the virus headed straight for the companies’ server to transform as much as it could as fast as it could, in alphabetical order.

The manager by then aware that something was terribly wrong opened an altered file and discovered a ransom note.

The offer was to restore all the files provided money was handed over within a specified time.

While he debated whether to click the link and pay, cryptolocker marched on. It had finished transforming the As, the Bs and was beginning on the Cs when the manager got through to his regular IT go-to provider.

The advice, says Danny, was to immediately disconnect the cable from the network to isolate the damaged files and to protect those that were as yet untouched.

Fortunately this tale had a reasonably happy ending.  The company was in the habit of doing regular backups of all its files, the most recent one being only an hour prior to the attack. Danny says everything was restored with minimal loss.

What might have been

It could have been much, much worse.  If the office manager hadn’t realized what he’d done and taken action almost immediately, they could have lost the lot – literally. The company could have been forced into the humiliating position of having to publically acknowledge the event to everyone they had a connection with. While that scenario is a nightmare, its ongoing ramifications are enormous.  There’s loss of business, credibility… and mounting debt because there is no work coming in.

What to do to minimize the possibility of launching cryptolocker into your computer system

Danny says staff education is the key. The irony of this particular story was that the offending email had been forwarded to the Office Manager by one of the senior partners in the firm who thought it possibly suspicious.  He wanted the office manager to check it for him to ensure it was OK before he opened it.

Email safety checks

Despite the people behind the phishing scams becoming smarter, there are generally tell-tale signs that the email in your in-box isn’t what it appears.

Before opening an email and /or clicking on a link within it, or an attachment, check:

• Is the sender’s name and email address known to you?
• Is the subject line suspect in any way?
• Is the subject line grammatically correct and spelled properly?

If in doubt, delete.

If you’ve done the checks and still want to open the email, do it on a phone rather than your desk computer. That at least ring fences a potential threat like cryptoblocker – ensuring it can’t race off and attack your core business files.

Other precautions

Ensure you have a full disaster recovery plan in place: that your anti-virus software is up to date and that you have an automated regular back up schedule.

More information on computer viruses & phishing emails

• What to do if your business is hit by a cryptovirus?
• NZ Herald – “Locky” Ransom ware strikes - article from tech blogger Juha Saarinen - "the ransomware problem is likely to get worse".
• Hackers attack Wanganui hosptial - "Locky" hits hospital computing system
• How many of your employees will get phished today?
  An excellent post by Chris Hartig – Watch Point Data – covering the dos and don’ts of email safety
• Intel Security study shows that 97% of people can’t identify phishing emails
  An intriguing and disturbing 2015 study from McAfee.  Of the 19,000 plus visitors from more than 140 countries, only 3% of test-takers scored 100%.

Danny Bedingfield trains lawyers and other legal practitioners to make the best of legal practice management system Infinitylaw.