Grubman Shire Meiselas & Sacks: Law firm
Risk to Small Business: 1.409 = Extreme
A ransomware attack has compromised the highly sensitive personal data of dozens of high profile clients including tech giants, A-List celebrities, and sports stars. The law firm lost 756GB of client data in the attack. Cybercriminals are threatening to release the information in nine installments unless the firm pays a ransom, believed to exceed $20 million. This attack reflects a ransomware trend: hackers steal company data and demand payment. Until now, many were content to simply encrypt an organization’s network in hopes of being paid for a decryption key. Unfortunately, this new methodology is much more expensive, which could undermine the organization’s long-term reputation and viability.
Individual Risk: 1.560 = Extreme
Cybercriminals obtained extremely detailed private information about high-profile clients including names, contract details, phone numbers, email addresses, personal correspondence, legal filings, and non-disclosure agreements. This information is often used to perpetuate blackmail, spear phishing attacks, identity theft, and other crimes. Those impacted by the breach should enroll in credit and identity monitoring services. In addition, Dark Web monitoring offers insights into the spread of personal information, bolstering their ability to respond to misuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are increasingly becoming data loss events, as cybercriminals steal data before encrypting critical IT. This compounds the cost and consequences of an attack, and it should encourage every organization to assess its defensive posture in relation to this threat.