Ransomware and The Good Wife

We’re a bit slow following up on our TV, so we just got around to watching The Good Wife, Season 6, Episode  5. It’s a last year’s episode, but even though couldn’t be more timely.  For those who need the background, The Good Wife takes place in a law firm. In this spoken-about episode, one of the firm’s partners gets hit with ransomware after opening an email supposedly coming from a colleague (later on to confirm that the email was not sent by the colleague).

As the ransomware started to encrypt all files residing on computers of the law firm’s network, the cyber-extortionists set an ultimatum to the firm – either to pay the $50,000 ransom within 72 hours or have all their data destroyed.

(Warning: spoiler alert)

Since two lawyers are in a middle of a litigation case needed their files urgently, the firm decides to pay the $50,000 ransom to access the encrypted files. Although the sum was paid, the firm remains locked out from their computers.

As the plot unravels, the IT team – together with the help of an FBI agent, were able to track the IP address to an elderly man that was the "money mule", receiving instructions from a threat actor in Russia. As communications with the Russian cyber-extortionist take place, Hollywood’s best enters with a new twist of events: introducing law firm’s own extortion tactic. The counter-extortion? Posting anti-Putin propaganda in the name of the threat actor. The Russian cyber-extortionist quickly surrenders, decrypting all files and the obvious happily ever after ends the episode.

It seems that The Good Wife’s background researchers took their job seriously. Hollywood deserves the accolades for replicating real life so well (OK, until the counter-extortion part). Ransomware is increasingly targeting legal firms. Earlier this year, law firm of Ziprick & Crammer sent a letter to their clients explaining that they were the “victim of a single cyberattack, by a relatively new variant of Cryptolocker-type virus,”. While Ziprick & Crammer may have been one of the first to come out and be so frank about the ransoming of their data, they certainly are not the first to be targeted. 

Recent research estimated that criminals that had built a certain infrastructure for ransomware infections earned about $30MUSD annually. With such a high motivation, ransomware is not going to stop. On the contrary, recent statistics show that this threat is increasing and even expanding beyond the traditional platforms such as targeting Android users.

To put it with The Good Wife’s Diane’s quote referring to ransomware: "It's absurd, it's like modern day piracy." Indeed.

Read more on how law firms can protect themselves from ransomware