Case Study: 39D Managed IT Service – Ransomware Attack Recovery for Solicitors Firm
A ransomware attack hits a medium-sized solicitors’ firm. A case study on how 39D Managed IT Service helped get them back on track.
A medium-sized solicitors’ firm, operating in a busy area of Essex, had been providing legal services to clients for over 15 years. The firm primarily dealt with conveyancing, family law, and wills and probate. With a team of seven employees, including solicitors and administrative staff, they relied heavily on their computer systems for day-to-day operations, including managing client files, communication, and documentation.
Despite the critical nature of their work and the sensitivity of client information, they had neglected to implement robust data backup and cybersecurity measures. This lack of foresight left them vulnerable to cyber threats, as evidenced when they fell victim to a ransomware attack that arrived by email. The attack resulted in the encryption and deletion of vital client files and blocked access to emails on all five computers within the office.
Upon engaging with 39D Managed IT Service, Matthew Southgate and his team immediately initiated a comprehensive assessment of the existing IT infrastructure and security protocols. Recognizing the urgency of the situation, they swiftly formulated a multi-step strategy to address the ransomware attack and restore the firm’s operations.
1. Containment and mitigation:
The first step involved isolating the affected systems from the internet and the network to prevent further spread of the ransomware. New email accounts were set up on Microsoft 365 with secure passwords, and multifactor authentication was put in place, to ensure basic communication and workflow continuity while the recovery process unfolded.
2. Data recovery and restoration:
39D leveraged its expertise in data recovery techniques to attempt to decrypt the encrypted files and regain access to critical client information. Simultaneously, they initiated a comprehensive data restoration process from a USB drive that had previously been used to complete some monthly backups. This data was filtered and scanned by 3 different anti-virus products before it was safe to use on the new network.
3. Cybersecurity enhancement:
Recognizing the vulnerabilities exposed by the ransomware attack, 39D implemented robust cybersecurity measures tailored to the staff’s needs and job roles. The basic ISP router was replaced with a managed firewall and content filtering to help block website attacks, traffic from high-risk countries was blocked, and secure VPNs were enabled for remote working. The work also included deploying endpoint protection solutions, implementing email security protocols, and establishing secure backup systems to prevent future incidents.
4. User training and awareness:
39D conducted customized training sessions for staff to educate them about cybersecurity best practices, such as identifying phishing attempts and safeguarding sensitive information.
5. Continuous monitoring and support:
Post-recovery, 39D implemented continuous monitoring systems to detect and respond to any suspicious activities and block them promptly.
They also provided ongoing technical support and maintenance to ensure the firm’s IT infrastructure remained secure and resilient.
Through the collaborative efforts of 39D Managed IT Service, the firm successfully recovered from the ransomware attack and fortified its cybersecurity posture. Key outcomes included:
• Data Recovery: A significant portion of the encrypted client files was successfully decrypted or restored from backups, minimizing the impact on ongoing cases and client relationships.
• Cybersecurity resilience: The implementation of robust security measures and ongoing monitoring significantly reduced the risk of future cyber threats, enhancing both internal operations and client trust.
• Staff empowerment: Through tailored training and awareness programs, the firm’s employees became more vigilant and proactive in identifying and mitigating potential cybersecurity risks.
• Operational continuity: Despite the disruption caused by the ransomware attack on Wednesday, the firm managed to resume normal operations on Monday morning, ensuring minimal impact on client services and business continuity.