Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Global Law Firm Seyfarth Shaw Crippled by Ransomware Attack

October 14, 2020

The hits just keep on coming. Global law firm Seyfarth Shaw announced that it has been the victim of a cyberattack presumed to be ransomware on October 10^th. As I write this post on October 13, the following language appears on the firm's website: https://www.seyfarth.com/malware-attack-information.html

"On Saturday, October 10, 2020, Seyfarth was the victim of a sophisticated and aggressive malware attack that appears to be ransomware. We understand that a number of other entities were simultaneously hit with this same attack. Our monitoring systems detected the unauthorized activity, and our IT team acted quickly to prevent its spread and protect our systems. We have found no evidence that any of our client or firm data were accessed or removed. However, many of our systems were encrypted, and we have shut them down as a precautionary measure.

Our clients remain our top priority, and we will continue to do everything necessary to protect their confidential information and continue to serve them. We are coordinating with the FBI and are working around the clock to bring our systems back online as quickly and safely as possible.

While our phone system has not been affected, you can get a message to us via this Contact Form if you are having difficulty reaching us. We will also provide updates on our website and share information as it becomes available."

The National Law Journal posted the following additional information:

"DLA Piper was hit by a ransomware attack in 2017, and New York-based Grubman Shire Meiselas & Sacks was targeted in May.

Greenberg Traurig; Sullivan & Cromwell; Wachtell, Lipton, Rosen & Katz; and Cravath, Swaine & Moore were cyberattack targets more than a decade ago, according to FBI files declassified earlier this year."

It is common these days for the ransomware victim's data to be exfiltrated, so I never regard that data as "safe" absent a clear statement following a digital forensics investigation. Typically, the criminals play out the ransom demand for the decryption key first and only later follow up with another ransom demand in exchange for their promise to destroy the data in their possession (which they prove by providing some of it). And criminals never lie, right?

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Global Law Firm Seyfarth Shaw Crippled by Ransomware Attack

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer