Back to Blog

How law firms can recover from ransomware

Post by |

Over the years we have seen major changes in the way firms use technology, and the risks they face to maintain IT uptime. The most significant shift in the risk landscape is the growth of cyber threats – particularly ransomware.

Risks, like fashions, go through cyclical trends. The last two winters have increased the awareness of floods, particularly for firms in London, Surrey, Cumbria and Yorkshire. Extended power outages are also on firms’ radars following the underground fire in Holborn last year.

But it’s ransomware that has become the biggest cause of major recovery. Over 50 new variants have emerged since the start of 2016 and antivirus protection alone cannot guarantee protection. Due to the amount of revenue being generated by cyber criminals, experts are predicting continued growth in both the sophistication of targeting and in the volume of attacks.

As a disaster recovery provider, we are often called into action to help recover firms when their security has already been breached and an infection has occurred - and it is occurring at a growing rate. Outright prevention is practically impossible; attacks are evolving too quickly and software-based solutions are locked in an arms race to keep pace.

The prevalence of attacks means firms must now assume that an infection will occur at some point, and devise specific incident response plans to minimise downtime and data loss. For me, the best assessment of the current state of affairs has come from London-based immigration and employment solicitors Magrath LLP:

“10 years ago, legal IT was very different: we were mostly concerned with keeping the lights on. Now, compliance and security have become critical factors and alongside protecting confidential information, one of a law firm’s biggest fears must be the threat of ransomware and the potential disruption it could cause.”
Nick Doughty, Head of IT and Facilities at Magrath LLP

Recovering from ransomware

Once infected by ransomware, you essentially have two options: pay the ransom or recover your data from a previous backup. Interestingly, recent research from TrendMicro suggests that a fifth of those who pay the ransom don’t actually get their data back - so the only way to be sure is to have historic copies of your data.

When recovering from ransomware, your two aims are to minimise the amount of data loss and to minimise the amount of IT downtime for the firm. But despite Disaster Recovery as a Service being the preferred method of IT recovery for many firms, traditional disaster recovery services aren’t optimised for cyber threats.

Replication software immediately copies the ransomware from production IT systems to the offsite replica. Recovering from ransomware demands reverting to a clean historic version of your data (from before the infection occurred) which usually means restoring from backups.

The problem with restoring from your backups, however, is the length of time it takes. Restoring every file from a large document management system can take hours, or even days, when recovering from backups, so you’d have to contend with significant downtime for the recovery process too.

Cyber-Disaster Recover as a Service

To solve this problem, we have recently launched a new Cyber-DRaaS service which offers rapid recovery, layered with cyber threat protection.

After initial scanning to establish a clean bill of health, we continuously replicate and scan your environment in isolation on our secure infrastructure platform. This delivers a regularly updated point in time from which to both scan against and recover to.

We've automated the process of finding the most recent clean replica of your production systems. This means that if you suffer a ransomware infection, you can recover within the same Recovery Time Objectives offered by our DRaaS platform, which can be as little as 15 minutes, as well as getting the most recent Recovery Point Objective too.

The rapid change in the cyber risk landscape demands an equally swift response in our methods of defence. Find out more about Cyber-DRaaS.

About the Author:


Peter has a history in understanding and mitigating risk, having spent many years working in risk management roles within the banking sector – particularly developing applications to monitor value-at-risk across the banks treasury and hedged products. In 2000 Peter combined his skills in application development with his love of sailing to set up his own company building ship monitoring and harbour management software, integrating Search and Rescue using G.P.S. and Radar.

| See all our contributors
Back to Blog