Law Firms in Manitoba at a virtual standstill after being attacked by Maze ransomware!
Two law firms of Manitoba Law society have been hit by ransomware named Maze locking up their whole system and even their cloud backups in demand of a large sum of ransom.
“At this point, we do not know when or if they will ever regain complete access to their kidnapped data,” the Law Society of Manitoba said in a statement.
The law firms have been asked to give “an enormous ransom” (exact numbers not specified by the firms) if they want their data and system back but for a law firm, the greatest danger lies in unlawful access to all that sensitive data of hundreds of cases. The ransomware Maze is popular for finding sensitive data and use it to blackmail their victim by threatening to release it to the public and for a law firm it could lead to grave consequences for their clients.
Though they are not exactly sure how the computer system was infected by the malware, the firm suspects it was one of the employees that clicked on a link that downloaded the malicious file.
“It is suspected that someone clicked on a link or an attachment in an email that was infected with a virus which in turn infected the firms’ entire systems,” read a notice on the society’s website.
Kristin Dangerfield, the chief executive officer of the Law Society of Manitoba says that this isn’t the first time they are attacked but coming down with a problem like this during COVID-19 lock-down creates quite some issues in resolving this attack. “At any time this would be a challenge, but in this environment, even more so,” Dangerfield said.
She neither commented on naming the attacked firms nor she said if they would pay the ransom. “It would be inappropriate for us to do that and we expect the firms to notify their clients directly,” Dangerfield said.
These types of attacks are quite common in law firms as they contain important and sensitive data of their client that could be devastating if released in public. It’s better to invest in proper security measures and employee training to protect their data then to spend in finding solutions later.