CYBER pirates have hacked into a Greenock law firm's computer system and stolen data as part of a 'serious and troubling' ransom attack.
Solicitors Patten & Prentice were targeted by online criminals in what the company describes as a 'sophisticated' operation which they 'deeply regret'.
The attackers captured and encrypted the firm's data — then sent a demand for money for the recovery of the stolen material.
Police Scotland's Cybercrime Unit is investigating and details have also been passed to the Information Commissioner.
The hack and ransom attack was reported to police late last month.
Patten & Prentice — who have been established in Greenock for more than 140 years — sent a letter and email to their clients last Thursday notifying them of what happened and urging them to be 'vigilant'.
The correspondence, a copy of which has been obtained by the Telegraph, states: "There is no evidence that your client data has been removed from our computer system, however, due to the nature of the attack we cannot state with complete certainty that a lack of evidence equates to a lack of data removal."
Patten & Prentice say they have hired a specialist firm, Mitigo Cybersecurity, in addition to their regular IT contractor following the attack.
Their letter to clients, from senior partner Ken Caldwell, says: "We have worked with them extensively and we are now satisfied that our encrypted data has been fully restored.
"Mitigo have also assessed the extent of the breach and the data which may have been exposed and removed.
"Our attackers have produced only a few internal screenshots along with other encrypted data regarding the firm's own business and, based on the advice we have received, this may be the limit of what they retain.
"With the passage of time that seems more and more likely. If we have evidence to suggest otherwise, we will notify you as soon as possible."
It is understood that Patten & Prentice sent out around 1,700 emails and 350 individual letters to clients.
They told them: "We invest in our IT systems and following the replacement of our hardware in March 2019 we had confidence in the security measures we had in place.
"Unfortunately, cybercrime in the legal profession is becoming more prevalent and we were subject to a sophisticated attack.
"Lessons have been learned and we have implemented additional safeguards on the recommendation of our experts to ensure our systems are as safe as possible moving forward.
"We recognise that this is a serious and troubling incident and deeply regret that this has happened."
The letter continues: "For the present, however, we would ask that you are vigilant about any emails you receive that appear to be from us, particularly if they contain an attachment or link.
"If any potentially suspicious emails are received, please contact us immediately."
In a statement issued to the Telegraph Mr Caldwell said: "We confirm that we have been the victims of a recent cyberattack.
"We have worked extensively with both our IT consultant and cybersecurity experts and we are now satisfied that our system is secure.
"We have taken steps to notify as many of our clients as possible and very much regret that this incident has occurred."
A Police Scotland spokesman said: "Police received a report of a cyber incident involving a business in Greenock on Monday April 27.
"Officers are engaging with the business affected and enquiries into the incident are ongoing."
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel