.svg)
BC law firm's computer system hacked by extortionist
December 31, 2014
The Law Society has been advised that a BC law firm found that its computer system was hacked and paralyzed by a computer virus known as the Cryptowall Virus when the staff showed up for work on Monday, December 29, 2014. Notices appeared on some of the firm’s computer monitors stating “Your files were encrypted and locked with a RSA2048 key.” The firm was advised to contact an address within 12 hours and pay an extortion fee to have the encryption unlocked. The notices further advised that if the firm did not pay the fee within the stipulated time, the fee would double. Finally, without payment, the files would be “irrevocably broken” after 30 days. The firm sought the help of its computer technician and did not pay the ransom or click on links provided by the extortionist regarding payment that may have exposed the firm to other risks. The firm had backed up its information and with the aid of professional technical assistance, was able to resume operations with systems running normally. The firm contacted the police who provided the firm with information about the virus which was likely transferred through an email attachment.
Lawyers are reminded to take steps to protect their computer systems, including regular back-up procedures, and not to open suspicious emails and attachments. Obtain professional technical help to protect confidential information if you do not have the expertise within your firm. Also, insurance can be purchased to protect against cyber risks, and certain excess policies provide some aspects of this coverage.
See section 3.3 of Code of Professional Conduct for British Columbia regarding a lawyer’s obligations to keep a client’s information confidential and Law Society Rules 10-4 to 10-5 regarding records and security of records. Also see Making your e-communications secure in the Fall 2014 Benchers’ Bulletin and Practice Watch in the Winter 2014 Benchers’ Bulletin detailing common scam attempts against BC lawyers and new professional obligations regarding the security of records. If you have questions about your professional obligations, please contact the Practice Advice department.
-
- Fraud Alerts
- Fraud Alert: March 25, 2021
- Fraud Alert: March 4, 2021
- Fraud Alert: October 22, 2020
- Fraud Alert: August 6, 2019
- Fraud Alert: July 10, 2018
- Fraud Alert: December 15, 2017
- Fraud Alert: October 11, 2017
- Fraud Alert: July 6, 2017
- Fraud Alert: January 19, 2017
- Fraud Alert: August 4, 2016
- Fraud Alert: August 6, 2015
- Fraud Alert: May 7, 2015
- Fraud Alert: April 8, 2015
- Fraud Alert: December 31, 2014
- Fraud Alert: August 28, 2014
- Fraud Alert: December 21, 2012
- Fraud Alert: August 1, 2012
- Fraud Alert: June 1, 2012
- Fraud Alert: January 6, 2012
- Fraud Alert: December 15, 2011
- Fraud Alert: July 21, 2011
- Fraud Alert: May 2, 2011
- Fraud Alert: March 23, 2011
- Fraud Alert: June 2, 2010
- Fraud Alert: June 19, 2009
- Fraud Alert: May 14, 2009
- Fraud Alert: December 15, 2008
- Fraud Alert: September 16, 2008
- Fraud Alert: June 10, 2008
- Fraud Alert: May 5, 2008
- Fraud Alert: January 22, 2008
- Fraud Alert: August 10, 2005
- Fraud Alert: July 8, 2005
- Fraud Alert: March 11, 2005
-
- Bad cheque scam
- Bad Cheque Scam: List of Names and Documents
- Bad Cheque Scam: Steps to Manage Risk
- Bad Cheque Scam: Twists and Developments
- Bad Cheque Scam: Common Characteristics and Red Flags
- Bad Cheque Scam: What To Do If You Suspect a New Client May Be a Scamster
- Bad Cheque Scam: Report Actual or Possible Trust Fund Shortages
- Bad Cheque Scam Publications
- Other Social Engineering Scams, Including Phony Change in Payment Instructions
- Real Estate: Value, identity and other frauds
- Cybercrimes