The law firm Ziprick & Cramer was infected by ransomware through one of its own computers. The ransomware had file-encryption capabilities and affected content stored in shared folders. The infection happened at the end of January and was handled by the computer support team, which tried to identify the encrypted files and the information stored on the systems.
Type of Data Encrypted: Unknown
The law firm removed the infected workstation in order to restore the integrity of its network, though just a hard disk scrub would have been enough. None of the other devices used in the company were reported as affected by the malware, including those that had access to the compromised folders, which the infected workstation had shared over the network.
The security experts called in to determine what type of data was lost in the attack informed the company's administrators that this type of ransomware does not usually exfiltrate information from the target; instead, it encrypts the data and demands a ransom in exchange for a decryption key.
The investigation could not reveal the type of data that was locked by the malware. The law firm said that the locked data might include driver’s license and security numbers, but that it does not store financial account numbers or medical insurance information.
Minimal Damage, Complimentary Identity Protection
According to the law firm, the damage done by the ransomware is minimal, and the company is now providing complimentary identity protection. Ziprick & Cramer sent its clients, whose information was taken hostage by the ransomware, a letter stating that the company will not pay the ransom, as doing so would encourage the cyber criminals in their illegal activities. According to experts in the security industry, that is the right thing to do.
The experts were not in a position to say whether data was stolen from the law firm's systems; however, there is also no proof that such information was stolen. Still, out of caution, the company is offering its clients whose data has been encrypted free access to identity protection services for a period of one year.
The company assumes that the damage done by the malware is minimal, as it had a backup system, and its other systems, correspondence and hard copies of documents have not been affected.