British Columbia

Ransomware hackers pose threat to B.C. law firms

Three B.C. law firms have been hacked by online extortionists in the past two years. One even paid a ransom. So how should firms deal with ransomware attacks?

Three law firms hacked by extortionists using malware to lock files and demand ransom fee

Ransomware is a form of malware or malicious software. It seeks out files on your computer and locks them to make them inaccessible to you. Cybercriminals demand money — a ransom — to unlock your files. (Ryan Remiorz/Canadian Press)

Computer hackers hold a law firm's files hostage and demand a ransom: if it sounds like a plot dramatic enough for a TV series, that's because it was. The Good Wife devoted an episode to the problem of ransomware last fall.

But according to the Law Society of B.C., three real-life B.C. law firms have fallen prey to hacking blackmailers in the past year - the latest just days before New Year.

One even paid money to get back control of their files, which had been restricted by hackers using malware to infect the computer system until the firm paid up.

So how should firms deal with ransomware attacks? And should they tell their clients? Not necessarily, says a spokesperson for the Law Society, who told the CBC no data was compromised in these events.

"It is our advice that duty of confidentiality owed to a client includes notifying them if that duty may have been breached, but it’s important to note that data is not necessarily breached in these cases, and client files have not been accessed," said spokesperson Ryan-Sang Lee.

The CBS series The Good Wife dedicated an episode of the popular TV series to a law firm threatened by ransomware. (David Giesbrecht/Associated Press)

"Indeed, we understand that this type of malware operates by encrypting the software on the host computers and does not result in the transmission of the data outside the law firm to any party."

But president of Vancouver-based Neo Code software Joshua Paul, who has advised clients on how to deal with ransomware, said if hackers can access a firm's information in order to encrypt it or destroy it, there's no telling what else they might have done with it. 

"If they had access to the file system to encrypt it in the first place, they'd be able to access the content of the files," he said. "But there's no financial benefit."

Restricted files would be 'irrevocably broken'

The Law Society issued a notice to its members about the latest ransomware attack, using malware called Cryptowall, on New Year's Eve.

Employees had arrived at work on Dec. 29 to find notices on the company's computer monitors warning their files had been locked and encrypted.

Firms are sent this encryption notice after hackers use CryptoWall ransomware to take files hostage and demand a ransom payment. (

The firm, which has not been identified, was told if a fee wasn't paid within a stipulated time, the files would be "irrevocably broken."

The company had a backup of the files and refused to pay the ransom. The incident was reported to police, who said the attack likely came through a virus transferred by email.

The Law Society issued a similar warning last year, after two other B.C. firms were targeted, one of which paid the ransom.

Ransomware hackers typically ask for amounts ranging from $200 to $400 in Bitcoins, a digital currency which cannot be easily traced by authorities.

And B.C. is not alone in being targeted by ransomware hackers. In 2013, a police department in Swansea, Mass. admitted to paying a ransom to get their files unlocked.

And last year, a lawyer in Charlotte, N.C. said he lost an entire cache of legal documents despite an attempt to pay $300 blackmail.

Who should firms notify about hacking?

B.C.'s Information and Privacy Commissioner said her office has received no word of any of the attacks on law firms — and reporting is voluntary for private firms.

However, the commissioner has recently proposed an amendment to the Personal Information Protection Act for mandatory breach notification.

B.C. Privacy Commissioner Elizabeth Denham has not received any voluntary breach notifications from law firms relating to ransomware. (CBC)

As for clients, Joshua Paul, president of Vancouver-based Neo Code software, believes it should be the firm's responsibility to notify customers about computer hacks.

"You've hired them to protect your confidential data ... It's actually not their data. That was my data that was breached or my data that was encrypted or my data that was destroyed," he said.

Ontario-based legal technology expert David Whelan said ransomware attacks aren't about hackers trying to access personal data.

"You might want to notify [clients] that you have this event," he said. "I'm not even sure that I would say it's a breach."

Whelan said many Canadian lawyers work out of small offices without highly sophisticated IT departments and advises concerned clients ask a lawyer the following questions before retaining counsel:

  • How do you deal with technology and how are you going to protect my files? 
  • How do you deal with things like passwords and ransomware attacks and phishing?
  • What have you done proactively to prepare for those things?


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.