
The Forensicators Present ... Are You Prepared for the Next Big Ransomware Attack?


At this point, you’ve most likely heard about, read about, or even had the unfortunate experience of being affected by the largest outbreak of ransomware attacks in history. If you are not completely familiar with, or don’t fully understand, what ransomware is, you are in the right place. Ransomware is a type of malicious software that an attacker uses to lock your files and prevent access to your data until you have paid their ransom demand. The attack is usually carried out by sending a legitimate-looking email with a file attachment or link, baiting the user into opening it.

The first major ransomware attack in the recent group occurred when WannaCry hit computing systems across the globe. While the world began recovering, strengthening security, putting safety precautions in place, and patching systems, there was a second major strike, NotPetya. Both attacks are believed to have used tools stolen from the National Security Agency (NSA); tools developed to take advantage of security holes in Windows operating systems.

Although Microsoft released security patches to combat the holes, before and after both attacks, many systems remain unpatched and are still at risk. Even if the patches are put in place, the malware changes rapidly.  Within two weeks of the first attack, there were at least six different versions of WannaCry identified, raising the question: Is it even possible to keep up with all of the different versions of malicious software and release patches to fix the issues quickly?  Before many IT and cybersecurity experts could even attempt to answer, NotPetya hit, taking advantage of many of the same vulnerabilities as WannaCry.

Ransomware is growing quickly and is very dangerous. Recent attacks on healthcare systems highlighted the ramifications beyond damage to files and systems.  With hospitals and doctors losing access to critical patient files, the potential impact on patient care became significant.

Each attack spreads like a wildfire; once it gets into the network, it moves laterally within the systems, infecting machine after machine. Ransomware is approaching epidemic status and is not going to go away until cyber-criminals are no longer able to profit from it.

While there is no single solution for this problem, good preparation for cyberattacks like ransomware can make the difference between becoming a serious victim and the attack being a non-event. In much of the U.S., WannaCry had little effect because of the precautions taken. Here are some important areas to highlight:

  1. Patch systems as soon as updates become available – any delay leaves you completely vulnerable (as some NotPetya victims learned)
  2. Create routine backups of each system
  3. Educate users, teaching them the importance of not opening unknown emails and attachments
  4. Monitor incoming and outgoing network traffic regularly
  5. Install gateway antivirus, intrusion detection and prevention systems (IDS/IPS), and proxy servers
  6. Create and put in place strict policies and organizational rules, including restricting the transfer of password-protected and/or encrypted files, as well as executable files and MS Office files containing macros


In the end, knowledge, understanding, and awareness of the environment, on top of the right threat intelligence, can be the most essential tools you employ to defend against cyber-attacks. Counsel should be aware of the key role they play – interpreting the legal risks and ramifications associated with cybersecurity, data protection, and compliance. iDS has experts who are trained and highly experienced in helping organizations, large and small, defend themselves against cyber-attacks, including ransomware.  We can work with you to develop a plan that fits your firm and your level of risk tolerance.  You can contact me at ssingh@idiscoverysolutions.com for a free consultation with our team to review your current cybersecurity situation and how we can help.  




Please email Mr. Singh at ssingh@idiscoverysolutions.com to discuss ransomware precautions, other cybersecurity issues, incident response, and forensics needs, as well as how the experts at iDS can assist with all your legal technology needs on your next case or internal investigation.




The opinions reflected in this post are solely those of the author, are for educational purposes to provide general information, and do not necessarily represent the views of iDiscovery Solutions (iDS), nor any current or former employee of iDS. Moreover, any references to specific litigation or investigation work or findings are fact-specific. This blog should not be used as a substitute for competent legal advice. 

