CPAs Now Targets of Ransomware

Ransomware—malware that can block access to a computer system until a ransom is paid to the perpetrator—is targeting professionals in ways that are likely to cause the unsuspecting to open an infected file.

While most CPAs are sophisticated enough not to open an email that says, “Hi, I’m Cindy. Remember me?” there are other ways to entice the potential victim.

One of them is a communication from their professional association. In fact, a wave of ransomware is hitting lawyers on the West Coast, causing state bar associations to issue warnings, according to Ricard Jorgensen, president of Jorgensen & Company, a broker and managing general underwriter in the professional liability field.

“Emails sent to attorneys appear to be from state bar associations and reference a complaint, the details of which claim to be in an attached document,” he said. “That doc contains the ransomware. This isn’t an unusual attack, but the apparent infection rate at small and solo firms is significant.”

While this message specifically relates to state bar associations, it is just a matter of time before the criminals turn their attention to the state boards of accounting and target CPAs, Jorgensen predicted. “In fact, we have already seen an increasing number of ransomware attacks, or cyber extortion, in the CPAGold program, so this is happening now,” he said.

“If you receive any notifications from a state association, do not open any attachments regardless of the claims,” Jorgensen cautioned. “Instead, phone them as soon as possible via their normal contact number. Don’t phone any number provided in the email.”

These claims can be costly and complicated, Jorgensen observed. “Few professional liability insurers provide the coverage. In fact, many insurers’ policies contain a specific Cyber Extortion exclusion,” he said. “This is a clear and evolving threat to CPAs.”

Paul Paray agreed. “Given that credit card data and account information is now dirt cheap to buy on the dark web, it no longer makes much sense for criminals to exclusively target financial information, especially since the data must also be sold after it’s stolen,” said Paray, a partner at Zimmerman Weiser & Paray LLP and a specialist in accounting and law firm network security, privacy and risk management. “Much more lucrative—and quicker to obtain—are the bitcoins deposited by ransomware victims into a thief’s account.”

Although recent attacks have fed on a lawyer’s publicly accessible email address, these same attacks also go after other professionals. “For example, targets include hospitals, where patient information can ill afford to stay locked for a very long time,” said Paray. “As well, a growing number of accounting firms are falling prey to ransomware.”

“Ransomware is especially damaging to accounting firms given the fact that accountants hold critical financial data of clients that is often deadline-focused,” he said. “The threats will become more pronounced as criminals realize the benefit of redirecting resources to ransomware aimed at professionals such as lawyers and accountants.”

Paray cautioned not to click on a link, file or image from an untested source or untrusted URL. “They won’t come in if you don’t open the door,” he said. “The extra seconds it takes to confirm the actual sender of an email message or owner of a website is well worth the time.”

“Professionals, especially accountants and lawyers, should also consider purchasing insurance that covers ransomware losses, including the related IT expenses,” he said. “Such insurance is typically purchased using a standalone policy that has been around for years. There are some malpractice insurers, however, who provide such coverage directly in the policy. Tech vendors and legal counsel associated with these carriers typically have years of experience handling these incidents and can be rapidly deployed to address any situation.”

And for those who wish more information on professional liability risks and how to protect their firm, Accounting Today is hosting a webinar on the topic with three industry experts on Monday, June 27 at 2 p.m. EDT.
