The ICO has issued a fine to Tuckers Solicitors following a successful ransomware attack against them. The company was fined £98,000 after a data breach caused by ransomware, during which hackers accessed 24,000 court bundles containing sensitive data such as medical files and witness statements – which were then released on the dark web. The action notice shows the firm did not have MFA in place, and had unpatched software for six months leading up the breach. After gaining access to the network, the attackers were able to install tools, set up an account on the network, before deploying ransomware.
As if the risk of disruption and data theft wasn’t reason enough for organisations to improve security hygiene and protect against ransomware attacks, the ICO is baring its teeth against victims who could have done more. For Tuckers Solicitors, with no Multi-Factor Authentication and an unpatched vulnerability, it would have been easy for the attacker to infiltrate the network, install hacking tools, and even create their own account on the system before they deployed ransomware. This gave the organisation multiple signs that an attack was in progress, as well as opportunities to detect it before highly sensitive data was exfiltrated and locked down.
As human-operated ransomware actors become more sophisticated, it’s vital that organisations can detect signals of malicious activity in near real-time, connecting the dots to spot attacks and act quickly. The key to this is making sure they have advanced threat detection capabilities. By reducing the time it takes to spot threats, providers can mitigate the impact of ransomware, stopping attacks before they become breaches.