Is Your Firm Vulnerable To The Recent Ransomware Attack?

Tech columnist Jeff Bennion explains how ransomware works and how you can protect yourself.

Hacker workingIt’s likely that you have heard of the recent WannaCry ransomware attack that started spreading across the world last Friday. Let explain to you how it works and what you can do to protect yourselves.

How Ransomware Works

Ransomware is not like a virus. With ransomware, a piece of code gets into your system, locks down your access, and sends copies of your files out to others. Then, they hold your files ransom and, in this case, you have three days to pay $300 to get your files back or seven days to pay $600. Once you pay, they unlock your computer and you have access again. As you can see, this poses a number of problems for lawyers, the least of which is the disruption of business or the $300.

Now it gets weird. The NSA stockpiles ways to hack computers in case they need to hack someone’s computers real quick (without a warrant?). So, they analyze weaknesses in your operating system’s code and keep a figurative vault of ways to hack into computers, like how the CDC stores real viruses. Someone hacked into the NSA and stole this method of hacking and started deploying it on the world.

Why You Have to Upgrade Your Software:

The problem comes with using old versions of Windows or not taking the update patches that Microsoft puts out. As I wrote about several years ago, you should not be using old versions of Windows because it’s a security risk. Dona Sarkar, the Head of Microsoft’s Windows Insider Program (the program that lets you get insider previews of Windows features), tweeted that no one with Windows 10 was affected:

donna

Sponsored

When it comes to Windows, most firms are using XP, Vista, Windows 7, Windows 8, or Windows 10. That is the chronological order in which those operating systems had been released. They all share a basic structure. Microsoft puts out periodic security patches to the software and sometimes, they apply to all versions of the operating systems. A few years ago, Microsoft stopped releasing security patches for Windows XP, which makes sense because they can’t be making security patches for every operating system forever. So, they drew a line and said that XP is too old for them to focus on, and they are not going to be releasing patches for it anymore. According to Business Insider, about 7% of PCs are still running XP, and almost half are running Windows 7 (which is also soon reaching that window where its support will end).

Analogy time: Let’s say there’s an architect who designs castles. Millions of people buy these castle designs. Occasionally, the architect makes significant design changes and calls his design changes version 2, version 3, etc. The architect occasionally finds weaknesses in his designs, like there is a blind spot in a tower somewhere or a corner of the castle has a weak point in the foundation and the architect sends out instructions on how to fix it, and sometimes, if it’s a fix on version 2 or 3, it also applies to version 1 because they have the same basic architecture. After 15 years, the architect says that when he discovers a problem, he’s going to stop analyzing how to make those solutions applicable to version 1 castles because people should only be keeping their castles for maybe five years at the most and it’s expensive to custom-tailor fixes to the version 1 castles. So, when the architect sends out a notice of a security weakness and how to fix it in versions 2 and 3, bad people can take that fix and figure out how it might apply to a version 1 castle, and the security fix becomes an attack blueprint for version 1 castles. And that’s how malicious code is born and why older systems are more vulnerable.

It Is Below the Standard of Care for Lawyers to Use XP?

You should not be using Windows XP. In my professional, expert opinion, it is below the standard of care for a law firm to be using Windows XP. The ABA ethics rules say you, as lawyers, have a duty to know about technology. So, if you are using XP and charged with a duty to know about technology, you are negligent. Most of you are not negligent, but half of you are using Windows 7. You need to be prepared for what happens when Windows 7 becomes obsolete. You should upgrade to Windows 10 as soon as possible. Don’t wait until it goes obsolete and then switch. Don’t scramble, just do it sooner rather than later.

Earlier: This Week In Legal Tech: Ethics And Technology Competence

Sponsored


Jeff Bennion is a solo practitioner at the Law Office of Jeff Bennion. He serves as a member of the Board of Directors of San Diego’s plaintiffs’ trial lawyers association, Consumer Attorneys of San Diego. He is also the Education Chair and Executive Committee member of the State Bar of California’s Law Practice Management and Technology section. He is a member of the Advisory Council and instructor at UCSD’s Litigation Technology Management program. His opinions are his own. Follow him on Twitter here or on Facebook here, or contact him by email at [email protected].