Scullion Law
After suffering a devastating cyber-attack that left them locked out of their systems, Scullion Law turned to Consider IT for incident response and disaster recovery.
Rebuilding a Law firm after a Cyber-Attack
About Scullion Law
Scullion Law is a law firm with offices in Hamilton, Edinburgh, and Madrid specialising in:
– Road Traffic Law
– Criminal Law
– Property Law
– Family Law
– Wills and Power of Attorney
– Bereavement
The firm has strong company values and strives to bring client care, focus, dynamism and integrity to everything they do.
The Challenge
At the beginning of 2024, Scullion Law came to Consider IT for help after experiencing a major cyber-attack perpetrated by the Russian ransomware group Black Basta. The attack resulted in the firm being locked out of their systems with no access to their data.
Recognising the gravity of the situation, the firm promptly:
– Notified the ICO, Law Society of Scotland, and the police to fulfil legal obligations.
– Alerted all individuals whose data was known to have been compromised.
– Contacted Consider IT for expert guidance and support.
The firm’s top priority was to rebuild their systems and restore normal operations while ensuring that the new environment was secure and resilient against future threats. Nicholas Scullion, Managing Director of Scullion Law explains how they first realised they had been breached:
“This was unlike any other business emergency I’ve experienced because it was not an event; it was a process. We were initially told by the police that we might have been the victims of cybercrime, but from our point of view, everything was working as normal. A few days later, we discovered that all our systems and data were encrypted, and we were locked out.
As a law firm with 45 employees working internationally—dealing in high-value transactions, sensitive criminal matters, and people moving house—not being able to answer the telephone or reply to emails was incredibly stressful for both us and our clients. It was horrific and could have been catastrophic.
As lawyers, people trust in our ability to deliver excellent advice and safeguard sensitive information—both essential to our success—and this attack took all of that away from us.”
Nicholas Scullion
Managing Director
The Solution
Scullion Law appointed Consider IT as their incident response provider to help them assess the scope of the breach and restore systems. Nicholas continues:
“We were recommended to Consider IT and four other suppliers by the Cyber and Fraud Centre Scotland. Of the five we were recommended, three told us there was no way they could assist us, one said they potentially could but would charge a fortune before doing anything, whereas Consider IT were friendly, honest, and said they would have a look and give it their best shot. And that’s why we chose them.
They promptly told us what had happened, managed expectations, and, within a very short time, restored operations and set us up on a new, more secure, and resilient system. This was an incredible relief to us and our customers.”
Consider IT got straight to work to:
- Contain the Breach and Assess the Damage
– Isolated affected systems to prevent further access or data loss.
– Conducted a thorough review to understand the scope of the attack. - Rebuild Systems with Security in Mind
The recovery plan focused on restoring operations securely and efficiently.
Key actions included:
– Securing the Microsoft 365 tenancy to serve as the foundation of their digital workspace.
– Recovering lost data, Consider IT managed to gain access and restore the data that was considered lost.
– Migrating all services to Microsoft 365, ensuring data was secure and accessible.
– Deploying a robust firewall appliance to safeguard the firm’s network.
– Redeploying all endpoints (e.g., laptops/devices) with enhanced security configurations.
– Reinstating the firm’s critical LawWare solution, vital for day-to-day operations.
The Impact
The law firm’s systems were fully rebuilt and operational within a weekend. Highlights of the successful recovery included:
– Secure migration to Microsoft 365, improving overall security and enabling seamless remote work.
– Enhanced network security.
– Fully secured and redeployed endpoints, reducing the risk of future attacks.
– Restoration of the LawWare platform, enabling the firm to serve clients with minimal disruption.
– Once stable, Consider IT helped Scullion Law achieve Cyber Essentials certification, ensuring the firm is compliant with recognised cyber security standards and better protected against future threats.
– Regular cyber security training for all staff, equipping them with the knowledge to identify and prevent potential cyber threats.
After recovery, Scullion Law took on Consider IT as their Managed IT Provider to look after their IT and cyber security long-term. They now benefit from the peace of mind that their IT infrastructure is secure, resilient, and well maintained.
“We found Consider IT to be really easy to deal with. We decided to take them on as our IT provider and took their advice to upgrade our entire IT infrastructure. They were very professional, didn’t speak to us in techy jargon we couldn’t understand, and they were reassuringly expensive. The service they provided to us was worth every penny. I can sleep at night knowing our systems are secure.”
Advocacy and Community Impact
After experiencing a cyber-attack firsthand, Scullion Law quickly realised a critical gap—there was no one to turn to who had been through it before. Determined to change that, they channelled their experience into action, becoming a dedicated advocate for businesses facing similar crises. As an accredited member of the Cyber and Fraud Centre’s Incident Response Cadre, Scullion Law now offers their Cyber Survival Service, a one-stop solution providing expert legal and consultancy support through the crucial first 28 days post-attack and beyond. Their unique perspective—shaped by lived experience—allows them to guide businesses with empathy, practical advice, and a deep understanding of the challenges ahead. By combining legal expertise with real-world insight, they empower organisations to respond effectively, recover swiftly, and build long-term resilience.
“Going through a cyber-attack was an isolating and overwhelming experience, and we don’t want any other business to feel that way. That’s why we’re committed to sharing our story, offering guidance, and providing practical support through our Cyber Survival Service. By delivering educational talks and fostering open conversations, we’re working to remove the stigma around cyber incidents—because being targeted isn’t a failure, but how you respond makes all the difference.”
Nicholas Scullion, Managing Director – Scullion Law
Related Projects
Office Move
Using strong relationships to power relocation - How we made a major office move simple, straightforward and seamless for a digital marketing firm.
Office 365 Migration
Creating a platform for smart, secure growth. Consider IT empowered a finance firm to enter their next growth stage with a safe, secure and seamless Microsoft 365 migration.
Server Migration
Making server migration feel effortless - How we managed the move from an end of life server to a secure, resilient replacement