Cyberattacks penetrate the London legal market

By Kajal Patel and James Arnold 

Last month (July 2021), at least two sets of London commercial chambers became the most recent victims of a prolific spate of ransomware attacks.

Ransomware attacks involve malicious software infiltrating an organisation’s IT systems, typically leading to the encryption and/or theft of the victim’s (often highly confidential) data. CYK’s previous article explores the number of high profile cyberattacks that have taken place across a number of countries and industries in the past year and the effect that such attacks have had on diplomatic relations. It is difficult to pinpoint with any precision what the exact drivers are for these malicious attacks, but the economic angle is almost undisputed; the hackers tend to demand the payment of a substantial ransom to restore the victim’s access to their files. What remains unclear when these attacks happen is just how much confidential, sensitive data is compromised and, crucially, what is then done with this data. Economic impact aside, the sheer volume of sensitive, confidential data housed by the legal profession has alarm bells ringing across the industry and this latest spate of attacks exemplify the caution that must be taken by the legal profession to ensure that its clients’ data remains secure.

The substantial problems posed for the organisations that are targeted by these malicious hackers mean that is always advisable for organisations to seek specialist advice from IT experts who can assist with the fortification of data and, if necessary, the retrieval of data (if at all possible), once an attack has occurred. However, IT expertise is not the only way to approach damage limitation when attacks happen. The legal industry has at its (easy) disposal an armoury of weapons that it can deploy through the Courts. This includes an application for an  injunction against “person or persons unknown” (i.e. the anonymous hackers who orchestrated the ransomware attack) to prevent the use, publication, communication or disclosure of information illicitly obtained. Some of the difficulties that organisations face, however, when trying to tackle the fallout of any cyberattack is that the hackers can (and typically are) based in jurisdictions that are not easily within the reach of the English Court. However, not only can international relations (both formal and informal) assist with the swift enforcement of any remedies granted by the English Courts, but we have witnessed the swift use of legal expertise to proactively counteract the damage perpetrated by anonymous cyber attackers, to ensure that its clients’ data does not find its way into the wrong hands.

These most recent cyberattacks will no doubt be an important reminder to the legal industry of the paramount importance of IT security and the need to make use of all available anti-virus and anti-ransomware tools. Another important step to guard against cyberattacks will be to train legal professionals on how to identify potential cyberattacks so that they can avoid the increasingly sophisticated phishing/interception emails and fake website links being generated by cyber criminals.  Indeed, many organisations (including solicitors firms ad barristers chambers) now have back-up IT systems as part of their contingency planning against the business disruption caused by cyberattacks. CYK continues to pay close attention to the risks that cyberattacks pose to the legal industry and we use our expertise to act for victims of cybercrime. If you require any further information or assistance, please do get in contact with us.