What do Elton John, the rock band U2 and Lady Gaga all have in common besides music? An attorney who has fallen prey to a ransomware attack!
Since the end of March, nearly every news cycle has been dominated by COVID-19. And rightly so, as millions have died, millions more have been infected, and no corner of the world has stayed untouched by it. But while all attention has been focused on a virus of a biological nature, digital viruses have always remained a threat – especially those connected to ransomware attacks! Case in point: the ransomware attack hackers have unleashed on prominent entertainment lawyer Allen Grubman and his firm, Grubman Shire Meiselas & Sacks in New York.
Grubman represents the likes of Elton John, U2, Lady Gaga, and plenty of other big names in the industry, and as of yesterday, the hackers were purportedly demanding $21 million or else they’d make public the sensitive client data (data they had encrypted, so Grubman’s firm no longer had access to it).
What do the hackers have on poor Lady Gaga that they may threaten to release? Salacious photos? (Obviously, for Lady Gaga, that’s a very high bar!)
What should Lady Gaga do with this? Should she write a check? When the dust settles, should she have professionals review who has access to her confidential information?
Clearly, Grubman and company were not prepared to face cybersecurity threats like ransomware attacks, and now the firm’s clients may have to pay a hefty price.
For more on cybersecurity threats, check out this Bold Business story on the State of Louisiana declaring a state of emergency last year due to ransomware attacks.
The Dangers of a Cyberattack
There are a variety of ways a hacker can break into a system and cause damage. Unsuspecting employees who lack security awareness training can inadvertently give a bad actor access by downloading a malicious attachment. WiFi can be compromised. An improperly configured VPN (virtual private network) can spell doom for companies whose employees work from home. The list goes on.
Meanwhile, the damage incurred from these attacks can be catastrophic to a business. Take Grubman’s firm, for instance.
Since the goal of an intruder in a ransomware attack is to encrypt the victim’s data and hold it for ransom, the amount of money demanded in return for the decryption key can be astronomical. But beyond the ransom, there’s also the damage done to a business’ reputation.
The damage spreads beyond just the business whose data is being held for ransom. In this particular case, Lady Gaga, Elton John, U2 and the rest probably felt like they had nothing to keep safe from hackers, and therefore had no cause for concern when it came to cybersecurity. But now they will pay because someone who did have their data failed to effectively protect it. Imagine a business that relies on a supplier, and that supplier is hit by a ransomware attack.
To make matters worse, some industries have regulatory requirements when it comes to protecting client data, thereby creating a fiduciary duty that, when violated, can also be costly to the victim.
For more on cybersecurity, data privacy protections and corporate fiduciary duty, check out this Bold Business story.
The Best Defense for a Ransomware Threat Is Preparation
It’s difficult, if not close to impossible, to get back encrypted data held in a successful ransomware attack. This makes preparation the best defense against such threats.
The crux of that preparation: A comprehensive internal audit by experienced cybersecurity professionals that will identify any and all gaps and vulnerabilities. Once that audit is completed, the subsequent report must include recommendations on how to fill those gaps and sew up those vulnerabilities.
In addition, since cybersecurity threats are constantly evolving, there is a clear need to have consistent security countermeasures and monitoring in place at all times.
“Preparation for any ransomware threat is essential,” says Bold Business’ resident Master Security Consultant Steven Wiegelt. “With ransomware, if you’re not prepared for an attack, you may never recover.”
Today, it was revealed that Grubman’s hackers have doubled their ransom demands, changing that original $21 million to a whopping $42 million. In addition, they’ve upped the stakes and announced that they have sensitive information on President Donald Trump.
Whether or not that’s true, and whether or not it was smart to invite the full investigative weight of the Federal Bureau of Investigation into the mix, is beside the point. What matters most is the damage Grubman’s firm will surely face – monetarily, reputationally, and otherwise.
And it was all preventable.