DLA Piper is working with the the FBI and the UK National Crime Agency (NCA) to get its systems back online, as the firm enters its second day of outage following the ransomware attack that prompted it to shut down its computer and phone systems around the world.
The firm’s email system is still out of action, while landline telephones are also still down as the firm moves to backup switchboards.
In a statement, the firm said it is working with external forensic experts and law enforcement authorities, including the FBI and the NCA, to recover from the attack and establish its source.
But calls and emails to the firm either failed or went unanswered. The U.K.’s Legal Week reported that the attack had “knocked out phones and computers across the firm,” including in Europe, the Middle East and the U.S.
Earlier Tuesday, Bloomberg reported that the Petya virus has been spreading across Europe, including in Russia and Ukraine, where more than 80 companies were locked out of their networks and a $300 ransom in cryptocurrency was demanded to unlock them.
Reported victims included Russia’s largest crude producer, Rosneft, which issued a statement that it had avoided major damage by switching to “a backup system;” and also Maersk, operator of the world’s largest container line, Saint-Gobain, a French manufacturer, and the U.K. media company WPP Plc. There was no word on who was behind the attack.
It follows the WannaCry attack in May, also a global ransomware attack that demanded $300 in bitcoin from victims and reportedly hit computers in more than 150 countries.
Nor is it the first time that law firms have been subject to a cyber attack: In May, a federal judge ordered three Chinese hackers, who broke into the email accounts of senior attorneys at New York law firms in order to obtain inside trading information, to pay $8.9 million in fines and penalties. Although the law firms in the case were not identified, Weil Gotshal & Manges and Cravath, Swaine & Moore, both suffered data breaches according to the Wall Street Journal.
Law firms have been working to step up their own cyber security measures, including by gaining certifications or in some cases, only communicating with clients through encrypted channels that lessen the chance that sensitive data will be obtained by hackers. Last July, Los Angeles divorce attorney Stacy Philips joined Blank Rome after spending years as a solo practitioner, citing concerns about the security of client information on her network.
With offices in more than 40 countries, and several thousand lawyers, DLA Piper is one of the largest law firms in the world and claims on its website to have handled the most M&A deal activity by overall volume of any firm.
Although banks and others have pointed to law firms as a weak link in the cybersecurity chain, it is also a fast-growing area in which law firms are advising clients.
In 2015, DLA Piper released a 50-minute movie, “In a Flash” about a fictionalized company that suffers a data breach, which it used as a marketing tool for clients.
In the film, after the company suffers a breach, one character exclaims, “We don’t even know who to call — the FBI!?! the NSA!?!”
She adds, “Our networks have been breached, we’ve received an extortion demand!”
No word yet on how DLA Piper is actually responding to its real malware threat, and possible ransom, but we’ll file an update with more news when we have it.