UK Information Commissioner's Office adds to ransomware impacts with a fine for firm of solicitors
Published: Tuesday, 15 March 2022 09:48
While organizations are well aware of the potential impacts of ransomware attacks, the additional risk of post-attack regulatory action is another very real consideration. This issue has been highlighted by a recent fine issued by the UK Information Commissioner's Office (ICO) to Tuckers Solicitors following a successful ransomware attack against the firm.
The company was fined £98,000 after a data breach caused by ransomware.
The ICO Monetary Penalty Notice shows that the firm did not use MFA and had unpatched software in place. After gaining access to the network, the attackers were able to install tools and set up an account on the network, before deploying ransomware.
“Tuckers became aware on 24 August 2020 of a ransomware attack on its systems, and on 25 August 2020 determined that the attack had resulted in a personal data breach,” reads the ICO notice. “The Commissioner considers that Tuckers' failure to implement appropriate technical and organizational measures over some or all of the relevant period rendered it vulnerable to the attack. The attack resulted in the encryption by the malicious and criminal actor of 972,191 individual files, of which 24,712 related to court bundles; of the encrypted bundles, 60 were exfiltrated by the attacker and released in underground data marketplaces.”
Commenting on the case, Steve Cottrell, EMEA CTO at Vectra AI, told Continuity Central: “As if the risk of disruption and data theft wasn’t reason enough for organizations to improve security hygiene and protect against ransomware attacks, the ICO is baring its teeth against victims who could have done more. For Tuckers Solicitors, with no multi-factor authentication and an unpatched vulnerability, it would have been easy for the attacker to infiltrate the network, install hacking tools, and even create their own account on the system before they deployed ransomware. This gave the organization multiple signs that an attack was in progress, as well as opportunities to detect it before highly sensitive data was exfiltrated and locked down.”