If you can’t get an attorney at DLA Piper to return your emails today, it might be because they’ve been instructed to keep their computers off. This isn’t a firm-wide “tech detox,” though; it’s a last-ditch attempt to contain a ransomware cyberattack that is reportedly ravaging the firm—and potentially costing hundreds of thousands, and possibly millions, of dollars in lost billings alone.
The attack appears to be similar to the WannaCry ransomware attacks that ravaged much of the world last May but largely left the legal industry unscathed. That doesn’t appear to be the case with this latest attack, much to DLA Piper’s chagrin.
You'll WannaCry After Today’s Attacks
The ransomware attack is spreading through Spain, France, Ukraine, Russia, and other countries, according to Vice’s Motherboard. As with WannaCry, the ransomware encrypts users’ files and holds their data hostage until they make a payment of $300 worth of Bitcoin.
The scale of the attack is also similar to WannaCry, with several thousand attacks being reported in the first hours of the crisis, Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard.
The malware, known as Petya, reportedly relies on the same “EternalBlue” exploit that WannaCry took advantage of. Microsoft has since released a patch for the vulnerability that exploit targets, but systems that have not been kept up to date remain vulnerable.
Ransomware attack reportedly used against TRK Luks (majority held by Lviv mayor Sadoviy), includes 24 Kanal too. https://t.co/K8ESouloCK — Devin Ackles (@DevinAckles) June 27, 2017
Those unfortunate enough to have their computers infected are told “If you see this text, then your files are no longer accessible, because they are encrypted.”
“Nobody can recover your files,” the message continues, “without our decryption device.”
DLA Piper Takes a Hit
That message flashed across several DLA Piper computers today, it seems. Both Legal Week and Motherboard are reporting that the international law firm has been hit by the attack. From Motherboard:
Spanish outlet El Confidencial reported hackers had hit the Madrid office of DLA Piper, a global law firm. One person familiar with the attack sent Motherboard a photo of an infected computer the source said was in DLA Piper's Washington DC office, and claimed that employees had been told to leave their workstations (neither the DC nor the Madrid office immediately responded to phone calls).
A customer of DLA Piper told Motherboard they could not connect to the portal used to host sensitive documents. Motherboard confirmed that the portal is currently inaccessible.
Legal Week reports that the ransomware has apparently spread far beyond Madrid and DC, with offices around the world “locked down” in order to prevent further infection:
DLA’s phone system has not been working for much of the day and partners say they have been instructed to turn off their computers as a precaution. DLA offices in the UK, Europe, the Middle East and the US called by Legal Week all seem to have been affected, with some inside the firm saying email and phone systems have been affected with many systems now locked down as a precaution.
A Half-Million-Dollar Day
The impact on DLA Piper could be staggering: a law firm with over 4,000 attorneys, billing by the hour, locked out of its computer systems, even unable to make phone calls. How much would that cost?
Well over half-a-million dollars a day, we estimate, and just in lost billings for the Madrid and D.C. offices.
According to DLA Piper’s website, there are 17 partners in the Madrid office and four attorneys acting of counsel. There’s also one associate listed, though she’s apparently based in Lisbon.
Let’s assume that those partners lost six hours of billable work each due to being shut out of their computers and phones. Let’s assume the same for the Lisbon-based attorney. (We’ll skip the special counsel for now.) That’s a loss of 102 partner hours and six associate hours.
Now, let’s assume that the attack has shut down the DC offices as well, as Motherboard reports. DLA Piper has significantly more attorneys in Washington. The Washington office houses 78 partners and 44 associates, according to the firm’s website. If they each lost six billable hours, that’s 468 partner hours and 264 associate hours.
In those two offices alone, the firm would have lost 840 billable hours.
How much lost income would those 840 hours represent? By our back-of-the-napkin math, around $591,000.
That’s assuming those partner hours would have been billed out at $800 and associate hours at $500. We didn’t just pull these numbers out of a hat, though. The average partner rate was $765 in 2014, according to the National Law Journal, and associates were averaging $510. Eight hundred and five hundred also align with the low end of billable rates reported by Gibson Dunn in a recent Chevron dispute over eDiscovery attorneys' fees. It’s not a great proxy, but it gives us a reasonable basis for the estimate.
That half-a-million number is only for two offices, keep in mind, and it excludes costs for cybersecurity responses, unproductive support staff, and other considerations. Should the ransomware attacks shut down more of the firm, the costs could reach well into the low seven digits. For one day.
Understandably, the firm is rushing to get everything back in order. "The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” a spokesperson said. “We are taking steps to remedy the issue as quickly as possible."
There but for the grace of robust cybersecurity protections go I.
This post was authored by Casey C. Sullivan, Esq., who leads education and awareness efforts at Logikcull. You can reach him at firstname.lastname@example.org or on Twitter at @caseycsull.