Ransomware attacks lock 2 Manitoba law firms out of computer systems

Work at two Manitoba law firms is at a virtual standstill after cyber attacks left staff without access to their computer systems, locking out digital files, emails and data backups.

The Law Society of Manitoba said entire computer systems at the two firms were infected with ransomware, a type of virus that blocks access to computers or files until a ransom is paid, in the last two weeks.

It left lawyers and staff at the firms without access to client lists, emails, accounting and financial information, photos and other digital files. Cloud backups were also locked. 

"It is suspected that someone clicked on a link or an attachment in an email that was infected with a virus which in turn infected the firms' entire systems," read a notice on the society's website. 

Kristin Dangerfield, the chief executive officer of the Law Society of Manitoba, said the two attacks weren't the first against Manitoba firms, but coming in the midst of a pandemic doesn't make it easier.

"At any time this would be a challenge, but in this environment, even more so," Dangerfield said.

The firms have been asked to pay an "enormous" ransom to regain access to any of their work, the society said.

Dangerfield said she isn't aware of what the firms are doing with regard to payment of any ransoms and said she wouldn't speak publicly about it if she did know.

She also wouldn't name the firms that were attacked.

"It would be inappropriate for us to do that and we expect the firms to notify their clients directly," Dangerfield said.

The law society identified the ransomware virus as Maze. A global cyber crime group of the same name claimed to be responsible for a number of similar incidents in the last six months. 

In Dec. 2019, Virden, Man.-based insurance and financial brokerage company Andrew Agencies confirmed it fell victim to a similar ransomware attack. 

Just one month after that, a Toronto construction firm that has won millions of dollars worth of contracts with the military and other federal departments was also hit. Bird Construction wouldn't say at the time whether they paid their cyber-assailants.

Cyber attack coverage 

All law firms Manitoba have mandatory cyber attack coverage and are getting direction from a law firm in Toronto as to how to manage through the data breach, Dangerfield said. 

She said the firms can use paper records and court filings to retrieve some of their data, but acknowledges lawyers have an an enormous amount of privileged and confidential information that needs to stay out of the wrong hands.

However, the firms may never get the information back.

"At this point, we do not know when or if they will ever regain complete access to their kidnapped data," the law society's warning said.

But cyber security expert Eddie Phillips said the situation may get even worse.

"If it's one of the versions that can steal the data ...[the cyber attackers may say] pay us or we are going to leak the data," Phillips said. "For a law firm, that could be devastating."

Phillips company, Shield Networks Inc., provides education to organizations on how to watch closely for these kind of cyber intrusions, but the perpetrators are remarkably successful.

Education for staff on what to look for, Phillips said, is critical to defending against those intrusions.

The cyber security consultant said between payoffs, lost wages and IT consultants, ransomware has cost approximately $1.6 trillion in the last two years alone.

"It's absolutely insane the things they can do," Phillips told CBC News.

• 'Definite uptick': Global wave of ransomware attacks hitting Canadian organizations

The warning from the Law Society of Manitoba to the rest of the province's lawyers is explicit.

• Cybersecurity firm says criminals are preying on coronavirus fears to spread malware

"You are vulnerable. A ransomware virus could take over and lock down everything a lawyer or law firm has ever created electronically." 

Phillips said he too has heard more and more about hackers "riding on the back of fear" of COVID-19 to suck in unsuspecting victims, again warning people to watch what they click and be informed. 

The law society's notice said email attachments claiming to include COVID-19 outbreak maps, links to register for seminars or links to information purportedly from vendors about the disease have been suspect, but Dangerfield wouldn't confirm that's the case here. 

"Prevention and preparation is your only defence," Phillips said.