Ransomware Today: Top Tips for Law Firms

Ransomware Today 

Ransomware has been a curse for quite a while. Law firms are one-stop shopping for cybercriminals, alluring because they hold the data of many people and businesses. 

More than 80% of attacks today exfiltrate, or take, your data. That means you have a data breach and potentially a number of legally required notifications. Attackers will try for two ransoms. The first is for the decryption key to restore your data. Even if you've been lucky enough to restore your data from known good backups that are NOT connected to your network, the cybercriminals will still demand a hefty ransom to keep them from selling or leaking your data. They'll put pressure on you by calling the media, or they will call your clients themselves to let them know that their data will be leaked or sold if a ransom is not paid.

The average ransom paid at the beginning of 2021 was $118,000 – by the end of the year, it rose to $322,000. 

Ransomware now comprises more than 75% of cyberinsurance claims, which is why you are paying more (30-40% more) for your premiums and getting less (as coverage exclusions proliferate). One increasingly common provision excludes attacks by nation-states. Often, it is unknown who the attacker is, and who is going to prove whether the attack was a nation-state attack? We are already envisioning the court battles.

Humans are a factor in these attacks more than 80% of the time – whether by clicking on a link, failing to abide by policies, using poor passwords, etc. We’ve even seen insiders selling out their employers for a portion of the ransom. Don’t ever assume that insiders, especially disgruntled insiders, can’t be a threat. 

Remediation costs 10 times more than the ransom paid on average. This is one reason why some victims and their insurers may want to pay the ransom. They are counting on a good outcome, which is not always wise. If the cybercriminals retain your data, they may demand another ransom. And if you paid for a decryption key, it rarely works for 100% of your data. 

By the end of 2021, the military – as well as both Microsoft and Google – announced that they had joined the fight. The military said they would impose costs on the ransomware gangs, though understandably declined to reveal the specifics. 

Corporations are going to court to seize control of malicious websites. Our government is arresting gang members and offering millions of dollars for the identification of major ransomware players. 

Russia itself shut down REvil, one of the most notorious Russian ransomware gangs, in January 2022, based on information provided by the U.S. In retrospect, who knows why? Were they placating us in advance before the war on Ukraine? Who knows? Their cooperation here remains a mystery to us.

Our top tips for combatting ransomware: 

  1. Use multi-factor authentication
  2. Upgrade your router and firewall to include Intrusion Detection and Intrusion Prevention functionality
  3. Keep software updated and patched
  4. Use strong, complex passwords and a password management tool
  5. Install Endpoint Detection and Response (EDR) software on all endpoints
  6. Require annual mandatory cybersecurity awareness training for all personnel
  7. Utilize a cloud backup provider to help protect your data from ransomware
  8. Implement phishing testing for all employees
  9. Utilize WPA2 or WPA3 to encrypt all wireless networks
  10. Disable all unneeded network services
  11. Change all factory default settings
  12. Implement inactivity timers for all devices
  13. Maximize log collection and retention
  14. Begin implementing Zero Trust architecture 

Could we go on and on with tips? Yup, but then your heads would hurt. Enough for now. Get these 14 things done and you’re way ahead of most of your colleagues. 



Sharon D. Nelson, Esq., is the President of Sensei Enterprises, Inc., a digital forensics, cybersecurity and information technology firm in Fairfax, Virginia. Ms. Nelson is the author of the noted electronic evidence blog, Ride the Lightning and is a co-host of the Legal Talk Network podcast series called “The Digital Edge: Lawyers and Technology” as well as “Digital Detectives.” She is a frequent author (eighteen books published by the ABA and hundreds of articles) and speaker on legal technology, cybersecurity and electronic evidence topics. She was the President of the Virginia State Bar June 2013 – June 2014 and a past President of the Fairfax Law Foundation and the Fairfax Bar Association. She may be reached at
