14 DAY TRIAL // A computer belonging to law firm Ziprick & Cramer got infected by ransomware with file-encryption capabilities; the malware piece also affected the content in shared folders.
The company turned to its “computer specialist” in order to determine the nature of the files that got encrypted illegally, and the information they stored on the systems. The incident occurred on January 25.
Type of data encrypted is unknown
Although a simple scrub of the hard disk may have sufficed, the law firm removed the infected workstation in order to redeem the integrity of its network.
Other machines have not been reported to be affected, even if they had access to the compromised folders shared over the network by the workstation that was infected initially.
As the administrators of the company learned from the security experts called to help with determining the type of data lost as a result of the attack, this type of ransomware threat does not usually exfiltrate information from the target; it only encrypts it and asks for a ransom in exchange for its decryption.
The investigation of the incident could not reveal what type of data was put under lock and key by the malware; it may include social security numbers and driver’s license, but it is believed it didn’t store financial account numbers and medical or health insurance information.
Damage is believed to be minimal, free identity protection offered
In a letter to customers whose information fell hostage to the ransomware piece, Ziprick & Cramer says that it did not and would not pay the ransom fee, as it “would only encourage and fund such criminals in their illegal activities;” this is also the recommendation of experts in the security industry.
The law firm has not received conclusive evidence from a forensics expert that data was not stolen from its systems, but on the other hand, it does not have proof that information has been stolen either. As such, out of caution, it offers customers whose data was encrypted free access to identity protection services for one year.
Ziprick & Cramer believes that the damage is minimal because it had a backup system in place and other systems were not affected, or hard copies of documents and correspondence.