LITIGATION SUPPORT TIP OF THE NIGHT

Hypertext Transfer Protocol Secure (HTTPS) is used for secure communications on networks and over the internet. It uses the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocol. An admin can force visitors to a Relativity workspace to view it over HTTPS so that requests and responses are encrypted. Relativity Service Host has an instance setting, EnforceHttps. If it is set to 'Yes' http traffic will be blocked. If it is set to 'Warn', non-https traffic will just be logged.

Keep in mind that a photocopier contains a hard drive that will store images of documents that have been photocopied, scanned, or faxed. It's important to confirm that copiers used by law firms and businesses encrypt data on these hard drives, so it cannot be accessed without special software. Some copiers can be set to overwrite data after each job, or at set intervals.

Xerox has published a guide that indicates which of its current models has a disk drive; which overwrite data immediately or at intervals; and which encrypts data on the hard drive.

Nearly all of the models with drives, also provide AES data encryption. Many Xerox copiers overwrite images automatically by default. The manual states that Xerox's overwriting process conforms to the National Institute of Standard and Technology's Special Publication 800-88, Guidelines for Media Sanitization. An overwrite process can also be activated that will wipe data on every sector of the hard drive.

A Xerox technician can remove the hard drive from a copier and provide it to a client upon request.

Images are not overwritten on copiers using solid state drives.

Crypto Sheriff is an online service which can help decrypt files that have fallen victim to a ransomware attack. See: https://www.nomoreransom.org. The “No More Ransom” project helps identify keys needed for decryption. It is a joint project of Europol, Kaspersky, McAfee, and the national police of the Netherlands. See the recommendation on the Europol site here.

Ransomware typically uses two keys - a public key to encrypt files, and a private key to decrypt files. It's sometimes possible to decrypt files encrypted with ransomware because of mistakes in how they are implemented, or because they are posted somewhere online. Law enforcement agencies also seize servers containing keys and make them known.

You use the service by uploading two files, each less than 1 MB, which have been encrypted by ransomware, and then entering an email address, Bitcoin address, or URL used in the ransomware demand that you received.

If Crypto Sheriff finds a way to decrypt your files, it will provide a link to tools you can use to access your files, and provide instructions on how to use those tools. The malware should be removed from an operating system before the files are decrypted.

Crypto Sheriff allows you to download more than 100 decryption tools, many of which are designed specifically for particular types of ransomware.