For months, Jeffrey Wicks has been telling just about any colleague who would listen about the time the computers in his office were hacked and his data was held for ransom.
He told the story so often that his friend, attorney Steven V. Modica, asked: “Why don’t you stop whining and do something about it?”
So Wicks organized the CLE, hosted by the Monroe County Bar Association, called “My Firm Got Hacked and Taken Hostage: Anatomy of a Cyberhacking,” where Wicks opened the program with a detailed account of the cyber-intrusion at his office.
“I want to tell every attorney so they take measures to make sure that this never happens to them. I don’t want this to happen to any of my colleagues,” Wicks said.
Assistant U.S. Attorney Craig Gestring reminded the audience what former FBI Director Robert Mueller said in a 2012 speech: “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
And former FBI Director James Comey said during a 2014 interview on “60 Minutes:” “There are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.”
Gestring, who told the audience members repeatedly to change their passwords when they return to their offices, said that he was sure some of them have had their computer systems broken into and hackers peaked at their computer files and they don’t even know it.
Be aware of potential insider threats, such as disgruntled employees, especially in-house IT workers, who routinely have access to everything, the experts said.
Jerry R. Grant, a digital forensics investigator whose company is called J.R. Grant Computing Consulting, said that hackers try to use internet popups and emails with threats and fake urgent messages to catch you off guard and trick you into clicking on something that will give them access to a victim’s computer.
Stop and read what’s on the screen before you click on anything, he warned. Hackers don’t follow the same rules as legitimate programmers, Grant said. Trying to close a popup by clicking on “cancel,” or “X” could turn out to actually be the same as clicking on OK, which could let hackers into your computer network.
Keeping your computer operating system and applications updated is one suggested preventive measure, Grant said. It’s also a good idea to use a portable hard drive to backup files, but don’t leave it connected to your computer or else it can be hacked along with your computer, which defeats the purpose of having a separate backup.
On March 7 Wicks, or someone else in his office, apparently clicked on an email attachment they shouldn’t have, which resulted in much of his firm’s data being encrypted.
The hackers demanded 20 bitcoins — a digital currency often used in illicit transactions — in return for decryption keys to unlock the firm’s computer files.
“We had no idea what to do. I had never heard of bitcoin before this,” Wicks told an audience of about 60 lawyers Tuesday.
He turned to IT experts with lots of experience dealing with similar attacks who negotiated with the hackers and got the ransom demand reduced to two bitcoins.
At that time, one bitcoin was worth about $1,200. Today, they’re worth about $6,300.
But it took about three weeks to buy the bitcoins, causing a delay in payment to the hackers. And when Wicks finally paid up, the hackers reneged on the deal and demanded more bitcoins.
After paying about $5,000 in ransom, Wicks decided the data wasn’t worth any more. The episode cost about $20,000 — $5,000 for bitcoins, plus $10,000 in fees to his IT consultant and $5,000 for new computer equipment.
But, thanks to his paralegal and office manager Cheryl Personte, Wicks had cybersecurity insurance, which covered the expense.
“There was an infamous conversation a few years ago where she said, ‘I think we ought to step up our office insurance to include cyber-insurance,’ to which I uttered these infamous words: ‘Why would we need that?’” Wicks recalled.
“I gave into her judgment and we got it,” he said.
In early April, hackers again encrypted his data for ransom, but Wicks had learned from the first experience and his stuff was backed up in a safe place, which allowed him to restore everything in one day without paying any ransom.
The American Bar Association just announced it has updated “The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business, Second Edition.”
The updated edition expands on many of the issues raised in the 2013 first edition. The book is co-edited by cybersecurity legal experts Jill D. Rhodes, chief information security officer at Option Care and former senior executive with the intelligence community; and Robert S. Litt, counsel, Morrison & Forester and former general counsel of the Office of the Director of National Intelligence.