An article published on February 1 on the LawSites blog reports three ransomware attacks on law firms within 24 hours.

“Five U.S. law firms — three in the last 24 hours — have been among the companies and organizations targeted by a new round of ransomware attacks,” Bob Ambrogi writes. “In two of the cases, a portion of the firms’ stolen data has already been posted online, including client information.”

The current attack arrives in law firms via email attachments which release the malware into computer systems when they are opened.

Here is a checklist of my recommended actions for your firm to take right now:

  1. Warn all your staff immediately to be triple-concerned about any emails with links or attachments: if in doubt about contents, consult IT before opening. (Social engineering will make the email and its attachment look harmless, and many will be fooled.) This warning will be most effective if it comes from your firm leader.
  2. Consult with your IT dept or outside IT consultant to see what you can do to mitigate the risk.
  3. If you have any useful information, please send it to me now: I will promptly share it with Bob Ambrogi, who broke this story.