RANDALL WILLIAM ZINN | E-DISCOVERY
The Importance of a Non-Traditional
Escrow Account in Your Firm
A HIGH-VALUE TARGET.
We tend to serve a wide variety of clien- tele. Not too long ago, we were informed that an attorney we know had been made into a ransomware victim.  e entire content of his computer had been encrypted by a criminal seeking to extort money. In the sale of any- thing, the vendor (in this case the demander of the ransom) will choose the currency. With cyber-crime, that will always be a cryptocur- rency, such as bitcoin.
By this time, all of us have likely been the victim of ransomware or know someone that has.  is self-same attorney was instructed to send 1.5 bitcoins to an unfamiliar internet address, using a currency and method which were completely foreign to him. His response was “I don’t negotiate with terrorists.”
My immediate follow-up question dealt with his last veri ed backup – of which he had none. “I have over $34,000 in unbilled time on that computer!”
Suddenly, someone was going to have to negotiate with a terrorist. Fortunately for my client, my  rm already had a cryptocurrency account (bitcoin) setup.  rough a painful process over the course of days, we negoti- ated the release of the key by facilitating the ransom payment for this attorney. It should also be noted at this juncture that when a ran- som is paid, there is no guarantee when and if your data will be restored. In this case, the data release and restoration took place three days a er the payment transaction. Also, to be noted, the longer you wait to pay the ransom, the higher the demanded ransom will likely become.
If needed for your  rm or one of your clients, how quickly and safely could your  rm acquire and convey cryptocurrency as- sets? Bitcoin is not the only cryptocurrency, but it is the recommended place to start and the most frequently discussed. Certainly, we could get into the details of what cryptocur- rency is, how it’s created and how it’s used, but I don’t believe that is the most judicious use of our time. What we can say is that crypto- currency is a digital, virtual currency in which encryption techniques are used to regulate the
generation of units of currency and verify the transfer of funds, operating independently of a central bank. Due to its encryption, it is the preferred currency of those ransoming your data. In my experience, a typical amount of a ransom demand is usually between $2,500 to $5,000 (USD), assuming the ransom is paid early in the ransom demand period.
 is leads us to a curious consideration – is there value in having a bitcoin account estab- lished as a type of set-aside account for use in cases of incursion and ransom for either your  rm or a client’s data? I was recently speaking with an insurance group who handles cyber insurance and found they now provide a ser- vice of guiding their clients through establish- ing a bitcoin account in order to release ran- somed data. Why wouldn’t/couldn’t a law  rm have a set aside bitcoin account for themselves or provide such a service for clients?
Is paying a cyber-criminal their ransom the only thing you can do with your bitcoin ac- count? No.  is is a brokered asset, and like any asset that you would have it could very well grow ... or lose... substantially in value.
Once the transaction is completed, hope- fully the  les have been restored. Does any of this mean that you should not forensically try to  nd out who perpetrated this evil on you? Absolutely not. Should any of this ransom demand come through servers in the United States, then the FBI can become involved.
Should you be attacked, feel free to con- tact us and we can guide you in the correct direction. Time is of the essence. Finding out where and how the cyber-criminals broke in will assist your IT department in determining any security holes which exist and how best to secure your technology and data.
RANDY HAS WORKED EXTENSIVELY IN THE LEGAL SUPPORT FIELD AS A TECHNOLOGY CONSULTANT AND SOLUTION PROVIDER. HE HOLDS A CERTIFIED COMPUTER EXAMINER CREDENTIAL WITH THE INTER- NATIONAL SOCIETY OF FORENSIC COMPUTER EXAMINERS, AS WELL AS MAINTAINING SOFTWAREBASED FORENSIC CERTIFICATIONS. HE HAS BEEN A FORENSIC INSTRUCTOR AND EXAMINER, PERFORM- ING EXTRACTION, EXAMINATION, AND REVIEW OF EVIDENCE. HE HAS ASSISTED IN TRIAL PREPARATION AND HAS BEEN HIRED AS AN EXPERT WITNESS BY LAW FIRMS IN CLEVELAND AND CHICAGO. HE HAS WORKED WITH THE FBI ON BREACH AND INCURSION CASES. IN ADDITION, HE HOLDS PATENTS IN THE VIDEO CONFERENCING AND COURT REPORTING INDUSTRIES. FOR MORE INFORMATION, PLEASE CALL (440) 892-9997.
Bitcoin is
not the only cryptocurrency, but it is the recommended place to start and the most frequently discussed. ”
AttorneyAtLawMagazine.com
7