Ransomware is a type of malicious software ("malware") that is infecting computers. It acts by locking or encrypting users' data. Users see a message on their computer screen informing them that their data will be held until a ransom is paid. The price escalates for each day the ransom remains unpaid, and if the user refuses, it will be deleted. Unfortuantely, this scam has already hit at least one law firm, albeit in Canada. There are variations of the scam, including ones where the message purports to come from the FBI or a governmental entity and demands a "fine."
Where this scam is concerned, prevention is the best cure. Even if an email comes from someone you know, don't click on a link or attachment unless you verify it or were expecting it. Use caution when browsing the web, and make sure your antivirus software is always current, as are your browser (Internet Explorer, Chrome, Firefox) and your operating system (load those service packs and updates!). Always have more than one computer backup. Keep in mind, any backups that are part of your network could be compromised too. They would need to be physically removed from the network, like a backup drive that is disconneted.
Cybersecurity Resources from the ABA's Cybersecurity Legal Task Force
How to Recognize Phishing Email Messages, Links, or Phone Calls
A good resource for training staff members to recognize and avoid phishing scams.
Internet Check Scams that Target Attorneys and Law Firms by Don Coker
Check scams are becoming more and more sophisticated and the scammers often target attorneys. Learn how to protect yourself and your firm.
What You Don't Know Can Hurt You: Computer Security for Lawyers by Mark Lanterman
Report Cyber Attacks:
Hackers and/or Computer Viruses - If you find yourself on the receiving end a virus, report the scam immediately to the FBI Cyber Crime Division and the Internet Crime Complaint Center (IC3). Then call a reputable computer professional for assistance.
Spyware - Run a spyware scan and then report the incident to through the FTC's Complaint Assistant website.
Spam - Use a spam filter and forward any spam that slips past your filter to the FTC at email@example.com or file a complaint on the FTC's website.