Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Ransomware Strikes Three Law Firms in 24 Hours

February 5, 2020

Yes, I know. It gives me no pleasure to type that headline.

First, a hat tip to Bob Ambrogi, who posted about this story on February 1.

Five U.S. law firms — three in 24 hours — were hit by ransomware attacks. In two of the cases, a portion of the firms' stolen data was posted online, including client information.

The information came from Brett Callow, a threat analyst with Emsisoft, a cybersecurity company that is also an associate partner in the No More Ransom Project, an initiative between multiple law enforcement agencies and the private sector.

Hackers have stolen data from at least five law firms, using the threat of releasing the data to extort payment from the firms, Callow said. In the two cases in which hackers already posted law firm data, they published it on the clear web where it could be viewed by anybody. This is a bit different from other cases we have seen where data has been placed on the dark web and not easily accessed.

The hackers are using Maze ransomware, which was the subject of a warning issued to companies earlier this month by the FBI. The hackers infiltrate systems using email with malicious attachments – and this is why all law firms should train continuously on phishing emails!

The ransomware criminals name the companies they've hit on their website and, if that doesn't convince the companies to pay, they then publish a small amount of their data to prove that they have it.

This quote was striking: "This makes sense," Callow said. "The more data they publish and the more sensitive that data is, the less incentive an organization has to pay to prevent the remaining data being published. It's the equivalent of a kidnapper sending a pinky finger."

If the organization still doesn't pay, the remaining data is published, sometimes on a staggered basis, he said.

The group has also published data in Russian hacker forums with a note to "Use this information in any nefarious ways that you want," Callow said. Once a company does pay, then its name is removed from Maze's website.

In answer to queries on Facebook, Bob said they were all small firms.

So don't assume you are safe just because you are small.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson