Ransomware — Stronger Than Ever

Ransomware, the malicious malware that can spread quickly across a computer network, encrypting or otherwise locking down access to data, cost businesses, health organizations, educational institutions, and others millions of dollars in lost revenue and disrupted operations in 2019.

Gerd Altmann/Pixabay

It’s hard to believe that the first ransomware virus was created three decades ago. In 1989, Joseph L. Popp infected 20,000 floppy disks (remember those?) with a virus, which were distributed at a global World Health Organization gathering. Nonetheless, it took another seventeen years before ransomware began to achieve a high level of sophistication.  It wasn’t until 2005 that the first contemporary ransomware programs began to show up. In 2008, Bitcoin’s emergence was a game changer for ransomware cyber criminals by providing a mostly anonymous system of transferring money and making it easy for them to extort their victims.  Since 2011, large scale ransomware attacks have escalated. For a recap of these and other key events and attacks from 2005 through February 2020, see KnowBe4’s timeline.

A lot is written about ransomware. Enter Infographics, one way to obtain a quick and clear visual overview of the current state of ransomware. For example, MalwareFox offers an infographic that outlines the trends and figures for ransomware statistics in 2019.  According to their infographic, desktops were the most infected device (80%), access was gained most often through phishing via email or social media (69%), the major cause of attacks started with careless employees (51%), and 46% of victims did not pay the ransom and instead decrypted on their own or replaced data with backup. The infographic also includes a map that reveals the distribution of ransomware attacks across the world — the U.S. was hit 46% of the time, while other countries or continents were hit less than 10% of the time.

Darwin Laganzon-Pixabay What makes ransomware difficult to deal with is the continuing evolution of new strains of ransomware. If you are interested in learning what the 10 “monstrous ransomware strains that haunted 2019” were, take a look at this infographic from Acronis. Details on each monster strain appears just beyond the infographic. Ryuk, number seven on the list, was responsible for a pervasive attack that halted production at a giant Belgian airplane parts manufacturer for weeks and sent home nearly 1,000 employees on paid leave while the company struggled to restore critical systems frozen by the attack.  The Ryuk virus continues to attack, most recently hitting the Tampa Bay Times in January 2020.

Network file encryption is a type of attack that locks access to files by encrypting them. Vectra AI’s infographic breaks down the victims of this type of attack by industry around the world and in the U.S. The finance and insurance industry is hit hardest in Europe and the Middle East (35%), with the healthcare industry at 18% and energy industry at 17%. Like Europe and the Middle East, in the U.S. the finance and insurance industry is hit hardest at 38%. Education is a close second at 37%, followed by governments at 9%. The infographic also shows where network file encryption has been detected by region.

An infographic from Dropsuite provides additional information on the most targeted industries along with a list of the most notorious attacks since 2013, and the top ransomware infiltration tactics. Interestingly, Dropsuite predicts a five times increase growth of ransomware attacks on hospitals by 2021.

What’s ahead, you ask? According to Comm & Tech Blog’s infographic, ransomware attacks will increase to 1 in every 11 seconds by 2021.  They also predict that 70% of the people who pay ransom will not get their data back. McAfee’s threats prediction infographic describes new directions ransomware attacks will take, including the emergence of cyber criminals merging to create malware-as-a-service families, evasion techniques moving toward the use of AI, and attacks moving to target cloud services. Notable is the prediction of issues presented by voice-controlled digital assistants allowing entry into the home. It looks like ransomware may be coming very close to home. You might want to reconsider buying those smart appliances … or … take charge and learn how to protect your smart home from potential hackers.

Pixaline-Pixabay

Images from Pixabay contributors: Gerd Altmann, madartzgraphics, and Pixaline.

As a result of issues raised by CRIV, law schools and courts may now purchase an IP-authenticated electronic version of just the ABA/Bloomberg Law Lawyers’ Manual on Professional Conduct

I thought I’d take a quick minute to make sure that my fellow government and law school libraries had an opportunity to read this part of Request for Assistance #2 in the Post-Call Addendum.

“As a result of issues raised by CRIV, law schools and courts may now purchase an IP-authenticated electronic version of just the ABA/Bloomberg Law Lawyers’ Manual on Professional Conduct at a price significantly less than a full Bloomberg Law Patron Access terminal. Librarians should contact their Bloomberg Law Relationship Partner for more information.”        

Neither CRIV nor I are certain of the pricing at this time.  Hopefully, this continued accessibility by the public and the librarians who help them will be continued by publishers as print ends.

All in One Place – Software & Vendor Trainings

If you have ever thought about how nice it would be if there was a guide that listed multiple different vendors along with a short informative description and links to their how-to tutorials and trainings — all in one place — you are in luck.  The Villanova Law Library has put together a pretty cool LibGuide on “Software & Vendor Trainings” primarily focused on legal research and practice management vendors.

In the LibGuide’s Legal Research section, links to training materials may direct you to help centers, archived/live webinars, videos, FAQs, certification training, and tutorials. Vendors include Bloomberg Law, Westlaw and Practical Law, and Lexis, plus state bar vendors Fastcase and Casemaker, as well as specialty vendor platforms Checkpoint and Wolters Kluwer’s Cheetah.

What might distinguish the Villanova Law Library LibGuide from others is its section on practice management vendors — twelve in total. For students heading out for summer jobs (or new attorneys or those of you teaching law practice management and technology classes), this part of the LibGuide may be particularly useful. There are links to overview videos, setup guides for new users, and special features unique to a particular platform.  Vendors included here are AbacusLaw, Amicus Attorney, Clio, CoCounselor, CosmoLex, Firm Central, HoudiniESQ, Jarvis Legal, MyCase, Practice Panther, Rocket Matter, Time Matters, and Zola Suite. Whew!

There is also a small section on free presentation software — emaze, Google Slides, Prezi, Trial Director for iPad, and ZohoDocs-Show, and under the Other Resources section, you will find links to CALI lessons and CALI videos.  Definitely a guide that packs a punch and is worth a look.

“The Wall” Litigation Moves Forward, But Slowly

Discussion about the cost of access to documents on PACER (Public Access to Court Electronic Records) — sometimes referred to as “The Wall” — is not a new one.  In the May 2017 issue of The CRIV Sheet, an article described the background of the availability of court documents, the evolution of PACER, and a group of four lawsuits filed against PACER at the time.

Recently, The Goodson Blogson posted an update on this ongoing litigation focusing on one of these law suits, a class-action led by three consumer protection groups: the National Veterans Legal Service Program, the National Consumer Law Center, and the Alliance for Justice.  A New York Times article on the case, states that the complaint “highlighted practices of overcharging or double-charging individual users, and also challenged the judiciary’s practice of using excess PACER income for costs unrelated to the maintenance of the court record system.”  More specifically, according to a Minnesota Law Review article, at the center of this class action suit was a phrase in the E-Government Act of 2002 that states courts may impose fees “only to the extent necessary” to make public records available.

Last year, federal District Court judge for the District of Columbia Ellen Segal Huvelle ruled in favor of the plaintiff consumer groups, accepting the challengers basic theory. The case is now on appeal in the U.S. Court of Appeals for the Federal Circuit and, perhaps predictably, there has been a flurry of supporting Amicus Curiae briefs.

AALL, along with the American Civil Liberties Union, American Library Association, Cato Institute, and the Knight First Amendment Institute at Columbia University, presented an amicus brief supporting the idea that the First Amendment guarantees the public a right of access to judicial records through PACER.  

The Reporters Committee for Freedom of the Press and 27 Media Organizations has filed a brief in support, stating the “policy is bad for democracy” and that “news outlets across the country face leaner budgets” and the budgetary challenges are especially hard on “independent journalists and community news media companies.”

Another supporting brief was filed by former Senator Joe Lieberman, one of the original sponsors of the E-Government Act of 2002.  Senator Lieberman, in his brief, claims Congress meant for fees to cover costs “only to the extent necessary” and that allowing the government to charge fees higher than costs necessary is “at odds with the text, history, and purpose of the E-Government Act of 2002.” (see pgs. 2-3)

In addition, the ABA Journal in an update on the litigation, mentions seven retired federal judges who have filed a supporting brief, including former Circuit Court Judges Richard Posner and Shira Scheindlin.  The judge’s amicus brief calls on the court to allow the information to be accessed for free, arguing. among other things, that it would increase judicial transparency and the legitimacy of the courts.

Oral arguments took place last week on February 3, 2020.  You can listen to arguments at the Court of Appeals for the Federal Circuit oral argument website, appeal number 2019-1081.  A Bloomberg Law article summarizing the oral argument states the “judges appear[ed] to reject [the] government’s broad reading of the statute” and “focused on merits, not government’s jurisdiction argument.”

Post updated: 2/10/2020

Additional Update — Wolters Kluwer Cheetah

Wolters Kluwer has provided an additional update and clarification to the CRIV blog post of February 4, 2020 on the Cheetah platform regarding missing content.  From Wolters Kluwer:

As of August 2017, Wolters Kluwer has added all of its trusted legal content onto the Cheetah legal research platform. At AALL 2018, Wolters Kluwer announced that all of its law firm and corporate customers would be migrated from Intelliconnect to the Cheetah platform by the end of the year as their contracts came up for renewal.

Academic customers were provided with additional time to make the transition from Intelliconnect to Cheetah. Even today, some law school libraries still have dual access to their subscribed content on both Intelliconnect and Cheetah as the continue to make the transition.

If you are an Academic customer who has not yet transitioned to Cheetah and would like to discuss your transition plan with Wolters Kluwer, you may contact Sean Hearon, Academic Sales Lead, at SeanHearon@wolterskluwer.com 

If you are already a Cheetah customer and have questions about your account, you can contact Wolters Kluwer at 1-800-955-5217 or email: CheetahSuport@wolterskluwer.com.training-support/cheetah.

Wolters Kluwer Cheetah Update

Several law school libraries that subscribe to Wolters Kluwer’s Cheetah database and platform have experienced multiple issues with unexpected and unpredictable missing content for several months.  Briefly, here is what happened and an expected time frame for fixing the issue.

Originally, tax content was managed by the Tax and Accounting (TAA) division at Wolters Kluwer.  In August of 2019, the Legal and Regulatory (LAR) division took over management of the tax content.  The missing content problem stems from the period when TAA was managing the content.  When renewals came up this past year, TAA renewed content to Intelliconnect, the prior platform, instead of to Cheetah.  To update the system properly, LAR has had to move content manually from Intelliconnect to Cheetah on a law school by law school basis, which is taking time to complete based on the volume of content that needs to be transferred.

Completion of the manual movement of content to Cheetah is expected by the end of February this year.

CRIV/BBNA Semiannual Call Minutes (December 2019)

Thursday, December 17, 2019, 11:00 am Eastern

Participants: Joe Breda (President, Bloomberg Law); Mike Bernier (Director, Knowledge Services and Library Relations; Bloomberg Law); Vani Ungapen (Executive Director; American Association of Law Libraries (AALL)), R. Martin Witt (Chair, AALL Committee on Relations with Information Vendors (CRIV)); Karen Selden (AALL Board Liaison to CRIV)

New Bloomberg Law Products, Policies, and Issues of Interest

  • Corporate and litigation Practical Guidance tools continue to be expanded. New suites include:
    • Initiating & Defending Litigation
    • Litigation Finance
      • Both go live on December 18, 2019
      • Both fully integrate with existing tools on Bloomberg Law (e.g., Points of Law; Docket Key; SmartCode)
    • Law X.0 podcasts
      • Available on Apple Podcasts and Stitcher.
        • Focused on the future of the practice of law
      • Workflow enhancements
        • Revamped alerts management system
        • Simplified printing process, including bulk printing and downloading multiple files from a results list.

Upcoming Bloomberg Law Products, Policies, and Issues of Interest

  • Big product release of 2020 Q1 will include
    • Brief Analyzer
      • To be released to all Bloomberg Law customers
      • Will allow users to upload a brief and get related legal materials from Bloomberg Law

Requests for Assistance (RFA)

RFA #1 – Restrictions on Docket Use (Academic Law)

R. Martin Witt:

Background – There were a number of Requests for Assistance in which AALL members reported having Bloomberg Law users who were told that their Bloomberg Law accounts were prohibited from executing any further Dockets Transactions. These users received a letter from Bloomberg Law’s legal counsel saying they had been identified as having an excessive amount of docket transactions. Some AALL members also indicated that they had users also were told they were banned “for life.” Historically, AALL members have Bloomberg Law have often recommended Bloomberg Law as a resource for access dockets, precisely because there was not a preset limit on the transactions that could be completed.

Joe Breda:

In general, Bloomberg Law offers pretty much unlimited/unmetered dockets access to every single law school seat. There is, however, an external variable cost associated with the transactions, which is borne by Bloomberg Law. Docket usage is increasing at a non-linear rate, and – rather than severely limit docket access across the board in the law school market – Bloomberg Law identified 23 individual users whose usage was several orders of magnitude above “normal” usage and contacted them, referring to a Bloomberg Law’s general provision allowing access to be restricted.

Those 23 users are not forbidden from accessing Bloomberg Law; they are also not forbidden from accessing dockets on Bloomberg Law. The restriction applies only to the ability to incur costs via docket requests and docket alerts. Those 23 users could only perform actions that would generate costs if they agreed to cover the costs of those actions.

Agreements to cover the costs of docket requests have been discussed with two of the 23 users, but a billing mechanism is still being worked out by Bloomberg Law.

Mike Bernier:

Bloomberg Law will be meeting with a group of Law Library Directors at AALS, to gather feedback and perhaps work to establish thresholds that could be used moving forward. The purpose is not to reduce the use of dockets for general legal research, but instead to curb the excessive use of dockets above what is reasonably expected.

Joe Breda:

Again, the vast majority of law school users (students and faculty) – 99.8% of academic users –were completely unaffected.

R. Martin Witt:

Were any of the 23 users running scripts or were they all manually gathering/using dockets?

Joe Breda:

That’s less of a relevant question in this instance, because even if done manually the fees incurred were extremely high. This is particularly true with docket tracks because, once set up, they can generate substantial fees without any further human action required.

R. Martin Witt:

To recap, there is no strict limit right now, but setting a threshold will be discussed at AALS. Other aspects CRIV would recommend be included in those AALS discussions are 1) the possibility of some warning, prior to restricting docket functionality for users; 2) perhaps a suspension period prior to a permanent restriction of certain docket actions; 3) whether the permanent restriction will remain for all 23 users already identified.

Joe Breda:

Bloomberg Law is totally willing to return full functionality to any of the 23 users under either of two circumstances: 1) they discontinue whatever actions were driving disproportionate fee generation or 2) they reach at least an informal agreement to bear the financial burden for the excessive activities.

R. Martin Witt:

Finally, the letter from General Counsel indicated that “efforts to circumvent the prohibition” would lead to suspension and/or termination of the Bloomberg Law agreement. What would constitute efforts to circumvent? Would, for instance, a Reference Librarian requesting an item that the faculty member with restricted access could not request be an effort at circumvention?

Joe Breda:

Absolutely not, that activity by a Reference Librarian would be fine. The efforts at circumventing that are not permitted would be things like transferring all the existing alerts that caused an account to be restricted to another account that had not been restricted.

A summary of the AALS meetings will also be provided to CRIV to be appended to these minutes or share shortly thereafter. If Law Librarians would like to share their thoughts on this, please contact Mike Bernier (MBernier@bloomberglaw.com).

Post-Call Addendum

Bloomberg Law reported constructive conversations at AALS regarding law school docket use and are making some refinements to a policy based on feedback at that meeting and will communicate further.

RFA #2 – ABA/BNA Lawyers’ Manual on Professional Conduct

Joe Breda:

As has been expressed multiple times over recent years, Bloomberg Law sees its future as two things: 1) completely digital; and 2) an integrated platform. At this point, this was essentially the final print resource produced by Bloomberg Law. After extended discussions with the leadership at the ABA, everyone agrees the future is digital and the time has come to make that move with respect to this product. An entirely new slice of Bloomberg Law was built out, which will allow for a better more current product that the print could offer.

R. Martin Witt:

ABA/BNA Lawyers’ Manual on Professional Conduct has current archives in PDF, with citable pagination. Will that be maintained?

Mike Bernier:

Yes, the archive will be maintained.

R. Martin Witt:

Will new updates be similarly paginated?

Mike Bernier:

We have been reworking this resource from page-based pagination to paragraph-based pagination, which will hopefully make the transition easier since updates after the end of the year will not have fixed pagination. Even when print goes away, we will have a means of consistent citation.

R. Martin Witt:

OK, thank you. Moving to consistent paragraph formatting should hopefully alleviate some concerns over citations. With respect to access, there seems to be some similarity to the concern over access – primarily for court/public Law Libraries, or those open to the public – that we discussed in connection with the Tax Management Portfolios (TMPs) last year. For the TMPs, you were open to the idea of kiosk access based on IP address rather than simply by specific machine address. Could there be something similar – either a slice or kiosk-based access to the new professional responsibility platform – available to those libraries who are open to the public and have financial constraints that make providing public access to the complete Bloomberg Law platform untenable?

Joe Breda:

There is no current kiosk-based configuration for that particular slice. A challenge with IP authentication is that it becomes difficult to price appropriately. We are, however, willing to discuss the possibility and will follow-up with CRIV and the libraries impacted.

R. Martin Witt:

I’m not sure there’d be a consensus, given all the different circumstances Law Libraries face. For some Law Libraries though, especially those that make a concerted effort to serve the public and attorneys who are unlikely to have access to the full Bloomberg Law, this is a resource that is of great importance. It isn’t a niche practice area; it’s something that every practicing attorney should be able to stay informed on. IP-recognition would likely be preferred, for ease of administration, but even a kiosk-based configuration (single terminal) with just the professional responsibility slice available could be a good compromise.

Post-Call Addendum

Bloomberg Law responded to concerns that law school and court libraries were unable to make the ABA/Bloomberg Law Lawyers’ Manual on Professional Conduct available to patrons after print ceased. As a result of issues raised by CRIV, law schools and courts may now purchase an IP-authenticated electronic version of just the ABA/Bloomberg Law Lawyers’ Manual on Professional Conduct at a price significantly less than a full Bloomberg Law Patron Access terminal. Librarians should contact their Bloomberg Law Relationship Partner for more information.

RFA #3 – Itemized invoices, including of electronic subscriptions

R. Martin Witt:

An AALL member subscribes to multiple electronic products from Bloomberg Law and needs itemized invoices in order to properly allocate costs from Bloomberg Law to appropriate practice groups. Is there anything that can be done for this subset of firms that needs to allocate costs of individual electronic products?

Mike Bernier:

The default is to bill as one lump sum. Requests for itemized bills can generally be accommodated on an individual basis, since it is a manual process. If the request has been made to the billing contact and the response is not satisfactory, users should contact Mike Bernier (MBernier@bloomberglaw.com) directly for a cost-per-subscription breakdown (with some limitations if bundling makes such a breakdown impossible).

RFA #4 – BNA Books

R. Martin Witt:

Within the past couple days, there have been a rash of incidents where Bloomberg Law Books (formerly BNA Books) have been delivering multiple copies of materials and billing them separately when only one was ordered. There was also a lot of institution account information that was lost in a recent transition. I know you’ve just been made aware of the issues as well. Can you share any additional information or progress on diagnosing the issues?

Mike Bernier:

The books@bloomberglaw.com email address should now be sufficient to address most of the concerns expressed. There was a transition, but it is being worked on. If there is a need for escalation of a particular issue, people should be forward the previous correspondence to me [Mike Bernier (MBernier@bloomberglaw.com)] and I can assist.

Joe Breda:

We have someone in the office now tracking down instances where customers were sent books/copies that they didn’t want and working to resolve them. We are also working on fixing issues in our accounts that were transferred, including the loss of information related to tax-exempt status, so we are asking for that information and should be able to effectively keep track of that moving forward. Please just continue to communicate with us as we work through this process and the best initial contact is books@bloomberglaw.com.

R. Martin Witt:

Was there a pattern to the extra books that were sent out, which might indicate a systematic issue?

Mike Bernier:

Unfortunately, no. We’ve been able to resolve the individual issues, but there does not seem to be any commonality among the extra materials that were sent out.

RFA #5 – Full-time Equivalent (FTE) measure

R. Martin Witt:

A AALL member reported that Bloomberg Law was trying to “prove” that JD enrollment had crossed a certain threshold, thereby increasing their subscription cost and were requiring extra steps to certify the number as correct even though it was publicly available.

Mike Bernier:

Generally, Bloomberg Law takes the ABA 509 report and if enrollment drops we request something from the registrar that confirms the drop. If there is no discrepancy identified by the school, Bloomberg Law will not seek to identify discrepancies itself or require additional certification of ABA 509 numbers. This sounds like there was an unfortunate miscommunication and we can follow up.