- Thomson Reuters
- Law firms are preemptively opening Bitcoin wallets in order to pay ransoms to hackers when client data is stolen. Opening wallets is just one contingency plan firms can make, and should be a “last resort.” The news comes as offshore firm Appleby admitted client data had been stolen in a cyber breach, and is now at risk of being leaked.
LONDON – Law firms are preemptively opening Bitcoin wallets to pay ransoms in case their data is hacked, according to a cyber-security expert.
Opening a Bitcoin wallet is just one contingency plan firms can make to prepare for cyber breaches in which client data is stolen, according to John Sweeney, president of IT and cyber security advisors LogicForce. This can be a useful “last resort” when the data is not backed up and cannot be restored unless a ransom is paid.
“The firms doing this are smarter,” said Sweeney, and are looking to take “conscientious” proactive, rather than reactive, steps. Sweeney stressed he did not generally advocate paying ransoms, but said it “makes sense” for firms to have a Bitcoin wallet to hand. “I certainly don’t see it as a bad move,” he said.
Data breaches at law firms are a growing concern: confidential information, often sent in unencrypted emails, risks being stolen and ransomed back to firms, used for fraud or sold to third parties to be used in crimes such as insider trading.
On Tuesday, offshore law firm Appleby admitted client data had been stolen in a breach last year. The firm’s super-rich clients are now bracing themselves for the possible exposure of their financial secrets.
Sweeney said firms must do more to enhance cyber security. He said the balance of risk and reward is “totally in the cyber criminals’ favour,” since the likelihood of a hacker being caught is slim, and the likelihood of being prosecuted is “infinitesimally smaller.”
“We are predicting there are going to be more sophisticated attempts to intrude at firms that work with highly visible clients whose IP or business information is extremely valuable,” he said.
However, paying a ransom is no guarantee of anything: according to Sweeney, it has taken firms two months and three ransom payments to recover data from hackers.
LogicForce is planning to open its own Bitcoin account within the next few weeks, in order to assist client “disaster recovery.”
“This is new,” said Sweeney – but in the long run, “it could become a normal course of business.”