Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Three More Law Firms Breached by REvil

June 8, 2020

Security Boulevard reported on June 5^th that the cybercriminals who make up the REvil ransomware gang have launched an auction site where they plan to sell stolen data they were unable to ransom. Previously, REvil claimed to have stolen data from Grubman Shire Meiselas & Sacks, a law firm that primarily serves celebrities, and Agromart, an agricultural company based in Canada. Other apparent victims include Wartman Law Firm, Fraser Wheeler and Courtney LLP and Vierra Magen Marcus LLP.

We don't really know how sensitive the stolen data is. It may be of more interest to a rival law firm to understand, for example, how business deals were put together than of use to someone looking for salacious celebrity material.

DarkOwl, a provider of a search engine service optimized for the Dark Web, has provided regular updates on the activities of the REvil ransomware gang. However, DarkOwl CEO Mark Turnage warns there are plenty of other cybercriminals offering all kinds of data for sale that most of the organizations affected often know nothing about. As cybercriminals have become more adept at identifying data that might be of interest to specific parties, Turnage said the effort to either extort money or simply sell data on the Dark Web has become more sophisticated.

Something else to worry about, right?

Right now, some are paying the ransom and hoping that the data thieves are honorable (I would not bet the mortgage money on that). Some do not pay ransom – they have robust backups so they are ok on the tech front. They can't usually be sure whether the criminals have the data or how important the data is. Turner has noted that claiming to have certain data that never existed is becoming part of larger disinformation campaigns that are being launched via the Dark Web.

Some organizations are proactively monitoring the Dark Web to determine if their data is already for sale or if they are about to become a target. This has become a big business, but we are not at all certain that there is any real way to monitor everything. Certain well-known sites can be monitored but the Dark Web is wide and deep, without any clear road map. Some of what companies claim they can do strikes us as dubious.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Three More Law Firms Breached by REvil

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer