Are Your Files Safe from Ransomware? Test Them!

by Tali Thomason on September 25, 2017

By Doug Striker

If only the masterminds behind ransomware attacks and other malicious cyberattacks would put their energy into world peace. I think we’d have that nut cracked in about six weeks. But sadly, the bad guys continue to use their techie talents to steal and disrupt. And law firm security measures don’t seem to be holding up under the test!

Did you read the article about the University of Calgary’s experience with ransomware? At a time when the University was hosting academic faculty and researchers from across Canada, their email systems were completely shut down and they lost access to many of their files. Everything was on lock-down.

Then they received a ransom note.

The University of Calgary was told that they needed to pay a sum of $20,000 and the attackers would give them a “key” to unlock all of their systems.

The University’s press release stated:

A ransomware attack involves an unknown cyberattacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided.

They also said,

The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.

Can you even imagine? Not only were they attacked, and not only did they pay the ransom, but the decryption keys aren’t magic buttons that instantly restore everything to the way it was.

Of course, when something like this happens, those of us in charge of law firm security always think, “Could it happen to me?” We spend about 48 hours talking about it, worrying about it and assessing and tinkering with our security measures, but then we move on with our priorities. But do those efforts really tell you if your systems will work against a law firm cyber attack? Maybe you’re thinking, “There’s no way to know until it happens.”

That’s not true. You can actually test your system’s ability to thwart cyberattacks.

One Firm’s Ransomware Test Results

I’m going to share one firm’s results using the free ransomware simulator tool offered by KnowBe4. However, I’m going to keep the firm anonymous; why risk more exposure to cybercriminals?

I will call the IT manager at this firm “Dave.” He said that his firm faces ransomware and phishing attacks every day! Every single day, he must ensure that his security systems are thwarting cybercriminals who are using every trick and hack they can imagine to break into his firm. Their quest? To get their hands on the firm’s sensitive materials, client documents, personnel files – anything that they can exploit to their advantage.

Dave says that he employs a hardware firewall and malware/antivirus software in his defenses. He decided to use the KnowBe4 ransomware test against his defenses and see what he learned. Luckily, he learned a lot.

After running the test, he received the following report:

 

Overall, it was good news! Dave’s security measures are working well against three types of ransomware scenarios:

  • Replacer: Replaces the content of the original files. A real ransomware would show a message that fools users into thinking they can recover them.
  • StrongCryptor: Encrypts files using strong encryption and safely deletes the original files.
  • StrongCryptorFast: Encrypts files using strong encryption and deletes the original files.

However, the simulator found 5857 vulnerable files and Dave discovered that his security system is vulnerable to two types of attacks:

  • StrongCryptorNet: Encrypts files using strong encryption and deletes the original files. It also simulates sending the encryption key to a server using an HTTP connection.
  • WeakCryptor: Encrypts files using weak encryption and deletes the original files.

Dave saw these results and said, “It appears we are more vulnerable to the less complex threats.”

As a result of this test, Dave said he plans to conduct “thorough penetration testing in early 2017.”

Dave also said that, as part of his security enhancements in 2017, he’s going to train his firm’s employees to recognize phishing scams that can open doors for cyberhackers (and their ransomware). (More on this topic in my next blog for SoloInColo.)

If you’re in charge of your firm’s security and you haven’t yet tested the strength of your systems, you can bet someone else will test them for you… with bad intentions. Arm yourself with more information about your vulnerabilities so that you know where to put your precious resources in defense of your firm’s valuable client information.

 

Doug Striker is Chief Executive Officer (CEO) of Savvy Training & Consulting, a provider of legal software training solutions. As a former Chief Operating Officer of a prominent law firm, he specializes in helping firms acquire the software platforms they need, training staff for maximum workflow efficiency, and enhancing continuity and bottom-line results. 

 

 
