FRAUD ALERT: Manitoba Firms Fall Victim to Ransomware Scams

The following is an excerpt from a fraud alert recently posted to the Law Society of Manitoba website, with a scenario that could also threaten Nova Scotia lawyers:

“In the past two weeks, two Manitoba law firms have been hit by viruses – not COVID-19, but computer viruses, specifically a ransomware virus called MAZE. It is suspected that someone clicked on a link or an attachment in an email that was infected with a virus which in turn infected the firms’ entire systems. As a result of the virus attack, they have no access to email, Word, their accounting software, or any of their backups, including cloud backups. Everything is tied up by MAZE and they have been asked to pay an enormous ransom to regain access to any of their work.

You are vulnerable. A ransomware virus could take over and lockdown everything a lawyer or law firm has ever created electronically – accounting software, client lists, document management systems, financial software, email, everything you ever created in Word, Excel, all the photos taken at firm events, and whatever treasures were kept on personal computers.“

For more information about the recent ransomware attacks in Manitoba, please click here.

In the past, similar ransomware virus attacks have been reported in Nova Scotia. A ransomware-infected email link or attachment may appear to be from a financial institution or company (e.g. a package delivery service), or, in recent times, with regard to COVID-19 related matters. Once an infected link or attachment is opened, the virus will begin to corrupt the victim’s system files. A pop-up window will soon appear on the computer screen, restricting access to the system and its files until a ransom is paid to the creator of the virus.

These warning messages may also claim to be from the RCMP or other government agencies stating that their computer has been frozen for a criminal investigation involving ‘child pornography’ or ‘illegal music downloading’. This is an attempt to scare victims into sending money to unlock their system, although the computer will not be unlocked if the money is paid – the scammers will disappear once the funds are transferred.

These programs install themselves and encrypt files on the computer’s hard drive, and are extremely difficult to remove, with no guarantee that your data can be recovered. Here’s how to protect yourself:

• Be vigilant about the legitimacy of all emails received – do not open email attachments or click links from unverified senders
• Never click on a pop-up that claims your computer has a virus
• Turn on your browser’s pop-up blocking feature
• Keep your anti-malware and firewall programs up-to-date and perform scans on a regular basis
• Schedule regular system updates and maintain backups of your data to ensure that your files are protected
• Never download anti-virus software from a pop-up or link sent to you in an email
• If you’ve received a ransomware message, contact the Canadian Anti-Fraud Centre (1-888-495-8501) to report it
• If your computer becomes infected, do not pay the scammer’s ransom request – have it cleaned by a computer repair service to remove any malware.

As we’ve warned in the past, we bring this to your attention for several reasons. Social engineering fraud is not part of the cyber coverage we offer in our policy. In the similar cases, coverage has been denied by a cyber insurer when the lawyer/firm did not have the social engineering rider on its commercial cyber policy. Second, depending on the facts, there may not be coverage for such a fraud under the professional liability part of your insurance policy either. Accordingly, a lawyer falling victim to such a fraud who lacks appropriate insurance coverage could be in the position of having to reimburse their trust account for the loss.

For tips to avoid being victimized, or to report or seek advice on dealing with fraud and scam attempts, contact Cynthia Nield at cnield@lians.ca or 902 423 1300, x346.