Providence Law Firm Pays Cyber Criminals, Files Remained Locked

Providence Law Firm Pays Cyber Criminals Thousands

A prominent law firm, located in Providence, Rhode Island, was hit with ransomware three months ago.  Their systems are back to normal after the attack hit, but not until after they paid the cyber criminal thousands.

The law firm was hit with an unknown ransomware variant months ago.  The firm agreed to pay the $25,000 ransom demand; however, upon doing so, the decryption key did not work.  They decided to reach out to the cyber criminal again.  After renegotiating an unknown amount, they obtained additional instructions to unlock their data.  It is believed these additional measures did unlock the files.

Unfortunately, the law firm is now in a legal battle with their cyber security insurance provider, Sentinel Insurance Company.  The law firm is alleging the insurance company is not providing compensation for the cyber attack.

Other Ransomware Attacks

To see a full list of ransomware attacks that have taken place in 2017, you can click here. We have also created a ransomware map, see below, of the ransomware attacks that have taken place in the U.S.

(Visited 2,446 times, 1 visits today)

3 thoughts on “Providence Law Firm Pays Cyber Criminals, Files Remained Locked

  1. Here’s a method to thwart “ransom ware” that has worked for me. When the ransom page and verbal threats appear on your monitor, DO NOT attempt to leave the page or touch any part of the keyboard. Immediately use the on/off button on the machine to completely turn off your computer. You will lose any open work, but that’s better than suffering through the trials of a ransom. Once it’s completely off, you can restart. Your home page should reappear. A notice that your computer was closed improperly may also appear. It will ask if you wish to return to the location you occupied before the computer shut down. DO NOT go back. It will take you to the ransom ware page. You should be able to return to using your computer normally

    • @ James Green

      Dear James,

      I think that you were exceptionally lucky because – the moment the threatening page appears – the damage has
      already been done and that has been the situation in all of the cases I have researched.

      The ‘devil’ has already been planted – just waits for you to unlock its intentions – in my case a Firefox update
      whether to instal now or later box – completely innocuous and genuine looking. In theory your file attacker
      should or could still be lurking in the shadows. Just switching off your machine does not mean it has gone
      away. By the way – all ransomware is written in such a way as to prevent RESTORE DATES/POINTS.

    • @James Green: Those webpages that have the verbal threats are bogus. They can’t actually do anything to your computer. Those pages and alert boxes just want to scare you into calling a phone number (which I’ve never called of course).

Leave a Reply

Your email address will not be published. Required fields are marked *