Cambridge Law Firm increases Cyber Security after damaging attack

Law Firms across the region - Don’t get caught out by cyber criminals.


Learn from the experience of a law firm in the East of England and prevent yourselves from being next on the cyber hit list.


Cybercrime costs the UK economy £27 billion per year and that figure is rising. Law firms remain in the crosshairs of hackers because of the highly sensitive and valuable data that they hold, and they are one of the most vulnerable sectors based on their current cyber resilience.


In July 2021, a small law firm in the Eastern region faced the realisation that they had been hacked by cyber criminals and that their future as a business had been put in jeopardy.


‘On Sunday 11th July 2021 some staff at our company were struggling to access our server. This was reported to our IT Engineer. Our IT Engineer noted suspicious activity on the server and reacted by removing what he believed to be the infected device from the network and restoring our server to its last backup to ensure that no data was encrypted. There was no evidence that any data had been exfiltrated from our system at this stage. The ICO and SRA were contacted but this was initially logged as a non-material breach.’


The firm did the right thing by contacting the ICO about the potential data breach. It’s fair to say that at this stage they believed that the network intrusion had been isolated and that no long-term damage had been caused. Initially the staff at the firm were told about the incident and reminded about the need to use strong passwords and to watch out for phishing e-mails.


‘Later that evening, all staff received an email from hackers… The email was sent from one of our members of staff’s email account. The email explained how data had been exfiltrated from our system and that all data on our system had been encrypted with keys that could only be decrypted through specialist decryption software.’


Because the firm used offline backups they were able to access the data that had been stolen/encrypted. However, there was concern that the attackers could deliberately leak the stolen data, which would cause significant reputational damage for the firm and significant risks to the data subjects themselves. As a result the police were contacted and they confirmed that…


‘This was a ransomware attack by a sophisticated criminal organization that targeted our business by gaining access to our network, ‘locking’ our files and exfiltrating data from our system.’


The Police Cyber Protect team referred the firm to the Eastern Cyber Resilience Centre, who immediately passed them to one of the centre’s Trusted Partners, one of a number of cyber security companies that work in partnership with the centre to support businesses across the East of England. In this case they initiated a full-scale Incident Response procedure to ascertain what had happened and what was needed to deal with the immediate aftermath.


‘We believe the hackers gained access to our server either by a phishing email being clicked on by a member of staff or by a weak password being used. Forensic images from our server have been obtained and we are currently looking at conducting a penetrative test on our server to establish how this happened.’


As with many firms that fall victim to this type of attack, the impact is extensive, expensive and long lasting. Ransomware attacks are based around a business model and they are all about making money. The firm had to make a very difficult decision about whether or not to pay the ransom, in this case tens of thousands of pounds. And there is no guarantee that paying the ransom will prevent the data from being leaked.


‘We were victims of a crime that has of course not only impacted us financially, it also had an impact on the running of the business. The hack meant that we were blocked from CPS, courts and police emails. This affected the everyday running of our business which meant we could only receive important documents via post as opposed to email. It also affected the courts as they needed to print all client case papers and we were only able to communicate with professionals via telephone to retrieve updates in criminal investigations. This of course put pressure on our business and the organisations surrounding us that we work closely alongside. During this time of uncertainty, much time was spent liaising with the police, cyber security advisors, the SRA and ICO. There was also the potential for reputational damage to our firm had the exfiltrated data sample been leaked onto the dark web.’


The firm have joined the ECRC as a free core member and are now working to ensure that they do not become victims again.


‘Since the attack, we have implemented two factor authentication security on all of our work devices. We have also received tailored cybersecurity training which covered training on strong passwords, phishing emails and common inside threats within the firm. We are also looking towards obtaining the Cyber Essentials Plus accreditation.’


Most law firms believe that they already have sufficient cyber protection and that they will not become victims of the type of incident described above. Sadly, this is not true: most law firms, like most companies generally, have inadequate cyber protection and do not fully understand the risks that they face. As one of the partners at the firm said to the ECRC:


‘If the ECRC had approached us about joining the centre the day before the attack we would have been interested in what they had to say, but we would probably not have joined the centre or significantly changed our current processes around cyber resilience.’


Don’t make the same mistake.

Join the ECRC for free today and start to do something positive to protect your company, your employees, your clients and your supply chain.

