In what is bad news for law and accounting firms, the professional and technical services sector has now overtaken the manufacturing sector as the prime target for ransomware attacks in Q3 2024.
According to cybersecurity company Nuspire: “These firms handle highly sensitive client data, such as financial records, legal documents, and business strategies, making them prime targets for ransomware operators.”
Nuspire predicts that, with ransom demands averaging around $2.5 million a hit for law firms, ransomware operators will continue to target this sector as long as the potential rewards outweigh the effort. The situation is particularly dire for smaller practices, which may lack the resources to protect against today’s increasingly ruthless and sophisticated cyber-attacks.
“Many of these organizations fall under the small or medium-sized business category and often lack the robust cybersecurity investments seen in larger enterprises. This underinvestment, coupled with outdated technology, weaker policies, and slower adoption of advanced security tools, leaves them more vulnerable to attacks. Ransomware operators typically go after easy targets,” warns Nuspire.
Extortion sites also threaten to release stolen data
Nuspire has also been monitoring known ransomware operators’ extortion sites where, following a successful attack, these gangs routinely attempt to extort their victims into paying by threatening to release stolen data if the ransom demand is not met. Compared to Q2, publications on ransomware extortion sites have increased by 8.06%, with the most active period at the beginning of September this year. Infostealers, malicious software created to breach computer systems and steal sensitive information, also remain popular among threat actors.
“This stolen information creates a lucrative opportunity for threat actors, allowing them to quickly profit by selling the data to others while avoiding the increased risk and complexity of carrying out a more in-depth attack themselves. These sellers, known as initial access brokers, gain access to user or organizational credentials and post them for sale,” says Nuspire.
These ‘initial access brokers’ form a vital link in the ransomware chain. Once the credentials are purchased, other threat actors can swiftly exploit them to achieve their objectives, often resulting in ransomware attacks and data exfiltration.
In order to protect themselves against the financial costs of ransomware attacks and the resulting damage to client confidence, Nuspire recommends that law and accounting organizations implement: endpoint detection and response (EDR); data backup and recovery plans; and cybersecurity awareness training for all staff.