epa06053418 A screen displays the website of the global law firm DLA Piper showing a message about a malware attack advising readers that their computer systems have been taken down as a precautionary measure due to what they describe as a serious global cyber incident, as seen from Launceston, Tasmania, 28 June 2017. Kaspersky Lab reported that the malware, despite resembling 'Petya' malware that affected computers last year, is believed to be a new type of ransomware which it labelled as 'NotPetya'. The ransomware has reportedly affected mostly Ukraine, Russia and Poland with around 2,000 cases reported in the countries. US pharmaceutical giant Merck, the world's second largest such firm, and Australia's Cadbury chocolate factory were reportedly affected, among other global companies. EPA/BARBARA WALTON
Screen displays the website of the global law firm DLA Piper showing a message about a malware attack © EPA

DLA Piper, one of the world’s biggest law firms, is still struggling with the effects of last week’s global cyber attack, with employees’ access to emails and documents severely curtailed in what insiders have called a “disaster”.

The law firm’s equipment was among the hundreds of thousands of computers hit by the ransomware attack, which occurred on June 27. It is believed to have emanated from Ukraine, with experts pointing to an update to payroll software provided by a Ukrainian accounting firm.

Cyber security analysts and western intelligence officials have said the malware was the work of a hostile state, possibly Russia.

For two days after the attack all telephones and emails at DLA Piper, which has about 3,600 lawyers in 40 countries, including in Kiev, the Ukrainian capital, were knocked out.

The firm then managed to recover some of its systems, but nine days on from the attack, it has not managed to regain complete access to emails sent or received before the ransomware struck, according to people briefed on the firm’s recovery.

Some staff are also unable to access documents directly, according to the people. However, affected staff are able to tap colleagues for help obtaining those files if required.

DLA Piper — which posted revenues of about $2.5bn in 2016, with average profit per equity partner of $1.66m — has a huge client roster. It services multinational companies, banks and other financial services providers, government ministries, media companies, energy groups, sports teams and film studios.

Immediately after last week’s cyber attack, DLA Piper said its “advanced-warning system” had detected suspicious activity on the firm’s network, apparently related “to the global cyber event known as Petya”. It said it had contacted “leading external forensic experts and relevant authorities”, including the National Crime Agency in the UK and the FBI in the US.

On July 2, it issued a statement to say it had “brought our email safely back online, and continue to bring other systems online in a secure manner”.

On Thursday DLA Piper issued another statement to say that “it may take time to bring back all our systems” and was working with “industry professionals” to get them back online securely. “Our offices are open and we are advising clients.”

“Protecting the integrity and confidentiality of client data and removing the malware from our systems remains our critical priority,” it added.

One insider said that to the best of its knowledge the firm had not had any client information stolen.

DLA Piper, like many other law firms, offers cyber security advice and services to businesses. In a report accompanying its “flagship” 2016 European Technology Summit, the firm said: “Ongoing concerns over cyber attacks are still high among almost half of companies interviewed; yet only one quarter have response plans in place, which leaves those unprotected open to a major attack.”

It is not clear why DLA Piper was affected by the ransomware while other global law firms with a presence in Ukraine were not.

“There but for the grace of God,” said a spokesperson for a large UK firm that also has offices in Kiev.

Additional reporting by Caroline Binham

Get alerts on Cyber Security when a new story is published

Copyright The Financial Times Limited 2021. All rights reserved.
Reuse this content (opens in new window) CommentsJump to comments section

Follow the topics in this article