Skip to main content
Since private investigator Sean Mulholland opened his firm in 1996, he has added computer forensics and information security to the list of services he provides.
Jax Daily Record Tuesday, Feb. 16, 201612:00 PM EST

Jacksonville law firm not immune to hacker's scheme to hold information for ransom

by: Max Marbut Associate Editor

You might think the data stored on your computer at home or work is relatively safe from theft or even tampering.

You would be wrong.

No one knows that better than attorney Thomas Brown of The Brown Firm.

He left his office one day in late December thinking everything was just fine.

When he returned the next morning, Brown realized he was essentially out of business, at least temporarily.

Neither he nor his staff could access any of the files on their computers.

Not his client files, not his case documents or even the firm’s financial data, including trust accounts and payroll.

Brown lets his office manager and legal assistant, Patty Pearson, tell the story of how hackers held his practice for ransom for more than a week.

“Everything we do is scanned. Even our Word documents are converted to pdf’s. They (the hackers) somehow got onto our server and decrypted all of our files,” she said. “They were useless. Nothing was compromised. We just couldn’t get to it.”

Pearson immediately contacted the firm’s IT services provider. It took nearly two days to determine what happened and what would have to be done before they could open anything other than email.

The culprits left behind a digital message: Give them $2,500 and they would provide a key that would open the files.

The law firm’s IT people said there were two choices. Either pay the ransom, Pearson said, “or lose everything we had.”

The virtual ransom note also contained instructions to pay the ransom in “bitcoin,” a digital asset and payment system.

According to a report posted on, bitcoins may be used to make purchases anonymously. The online currency crosses international boundaries without banks or any form of regulation.

They are stored in a “digital wallet” either on the cloud or on a user’s computer.

Though each bitcoin transaction is recorded in a public log, buyers and sellers are never revealed — only their wallet identifications.

That keeps transactions private and lets users buy or sell anything without it being easily traced back to them.

It has become the currency of choice for people online who engage in illicit activities, according to the report.

Pearson said a bank account was opened expressly to pay the ransom in order to avoid giving the hackers any more access.

“Once we provided the bitcoins, they provided the key,” said Pearson.

Private investigator Sean Mulholland opened Mullholland Investigation in 1996.

His clients at the time, mostly attorneys and insurance companies, needed traditional surveillance and claims investigation services.

In 2006, he added “and computer forensics” to his company’s name and began providing services, such as searching personal computers and larger business data systems for evidence as part of the investigative process.

He recently established a new division of his investigative firm — information security.

“It’s the fastest growing segment of my business,” Mulholland said.

The first step with a new client is to perform a threat vulnerability assessment by attempting to invade their computer system.

If weaknesses are found, they are fixed and then all users are educated as to how to avoid letting a hacker into the system.

Mullholland said one of the most basic rules is to make sure you don’t open files you receive if you’re not sure of their origin and safety.

It’s not just office computers that may be attacked.

The proliferation of smartphones has made the amount of what Mulholland calls “electronically stored information” explode.

“It’s a computer you carry on your belt or in your pocket,” he said.

According to Pew Research Center, 73 percent of Americans used a smartphone in 2015, up from 35 percent in 2011.

Nearly 65 percent of American adults used social media sites in 2015, up from only 7 percent in 2005 when Pew began tracking those trends. Eighty percent of smartphone owners use them to access the Internet.

Facebook is used by 1.5 billion people each month.

Twitter has 320 million users who send 500 million tweets each day.

Users upload 300 hours of video to YouTube each minute.

LinkedIn has 400 million members and Instagram has 300 million users each month who have shared more than 20 billion images, Mulholland said.

That means more people are posting more information — and sometimes evidence — that Mulholland and his staff can use as a resource for investigations.

“Social media is the first place we look for evidence,” he said.

Pearson said in response to the firm’s data being held for ransom, the firm has improved the office’s computer firewalls and installed an isolated server not connected to the Internet that is used to back-up files each day.

They’ve also replaced passwords with pass phrases and those will be changed on a regular basis.

Mulholland is scheduled to present an overview of the state of computer security Feb. 25 as part of The Jacksonville Bar Association’s 14th annual Raymond Ehrlich Trial Advocacy Seminar at the Wells Fargo Center’s auditorium.

To register, visit

[email protected]

(904) 356-2466

Related Stories