Three US law firms were hit with ransomware over the weekend and researchers estimate 50% of US organisations were attacked in the past year.

The astonishing growth in cybercrime was revealed in the ‘State of the Phish‘ report from cybersecurity firm Proofpoint.

The researchers analysed more than 9 million malicious email, spoke with 600 industry leaders and 3500 IT employees to come up with their estimate.

They also ran 50 million phishing attack simulation emails.

As a result, they believe that in 2019, 50% of organisations were hit with ransomware, 55% fell victim to phishing attacks and 90% were targeted by malicious phishing emails.

Bitcoin remains the most popular method of payment demanded by cybercriminals.

Coughing up can be pointless

The Proofpoint data suggests that paying the ransom is no guarantee of getting the key to decrypt your systems.

The majority of organizations refused to play ball with the hackers (which experts recommend), but about a third caved into the demands and coughed up the ransom.

However, only 69% of ransom payees regained access to their systems. 7% were hit with further ransom demands while the other 22 % got nothing.

The researchers found more than half of phishing victims faced downtime hours and remediation time, nearly half saw damage to their reputations and about 35 percent saw direct business impacts due to a loss of intellectual property.

The report has some notable caveats including numerous respondents who believed that ransomware and phishing attacks had not noticably increased in the past year.

Three US law firms attacked this weekend

Brett Callow from Emsisoft said that five US law firms had been hit by th Maze ransomware gang recently, including three over the weekend.

Maze has also stolen data from the City of Pensacola, Allied Universal, Southwire, an accounting firm, a medical testing lab, medical practices and more.

Maze names each company attacked on its website and also publishes a small amount of stolen data in order to convince them to pay a ransom up to $1 million on threat of publishing everything.

In this weekend’s attacks they published confidential client information from two of the firms.

Micky has chosen not to link to the data for obvious reasons, though we’ve verified it exists.

“It’s the equivalent of a kidnapper sending a pinky finger,” Brett told Micky.

“If the organization still doesn’t pay, the remaining data is published, sometimes on a staggered basis.

“The group has also published data in Russian hacker forums with a note to ‘Use this information in any nefarious ways that you want’. In other words, it’s highly likely that more of the firms’ data will be published unless they pay.”

Emsisoft offers free decryption tools if your business is unlucky enough to be hit.