Law Firm to the Fortune 500 Breached with Ransomware
Campbell Conroy & O’Neil P.C. U.S. law firm to a stunning array large companies – informed its star-studded clients that an intruder might have accessed their data. The ransomware was used to infect the computer with malware in February.
This client list includes a variety of industries, including Apple, Boeing and British Airways, Chrysler and Exxon Mobil as well as Ford, Honda and IBM.
The firm stated in a press statement Friday that it was hit by ransomware on February 27th.
Campbell did not mention which ransomware gang claimed the responsibility. As of Tuesday morning, none of the major ransomware groups claimed the conquest.
Unfortunately, ransomware groups that are interested in pulling double-extortion attack are numerous. They lock down their victims’ systems and then threaten to leak their compromised data or use it to launch future spam attacks. This trend began in late 2019, with Maze Operator. It was quickly picked up and rediscovered by the DoppelPaymer, Clop and Sodinokibi ransomware families (aka REvil).
Ransomware attacks have been a major cause of data breaches. Guess was last week dealing with a breach following a ransomware attack in February that was linked to DarkSide, the Colonial Pipeline attackers.
Campbell will have to make it tough if Ravil turns out to actually be the gang. The gang’s servers went offline last Wednesday, leaving victims stuck in mid-negotiation with no way to pay the ransom or obtain decryption keys to unlock files and restart businesses. DarkSide’s servers were shut down in May.
Campbell’s subsequent investigation has not yet revealed if the unauthorized threats actors gained access to specific information. However, the law firm knows that they could have accessed sensitive personally identifiable information (PII). This includes names, dates of birth, and passport numbers.
According to the statement, “Please note that information can vary by person and for many people, a restricted number of data types were determined as accessible.”
Campbell offers 24 months of credit monitoring, fraud consultation, and identity-theft recovery services for clients with Social-Security numbers that were affected.
In a press release, the law firm stated that it had enlisted unnamed third-party forensic investigators to investigate the attack and also informed the FBI about it. Threatpost was told by a Campbell spokesperson that Campbell is “fully operational” and doesn’t anticipate any significant impacts to ongoing litigation or our representation of our valued clientele.
Attackers could target suppliers and clients’ customers
An attack on a law office with so many wealthy clients can have a devastating effect. Experts have compared it with an earlier attack against a law company with similar clout. This was the 2016 breach at Mossack Fonseca, which is known as the law office that helped the ” super-rich hide their wealth.” This scandal led to the Panama Papers scandal in which private information regarding those clients was revealed.
Egnyte’s cybersecurity evangelist Neil Jones pointed out to Threatpost Monday that Campbell’s misery could reach deep into clients’ bowels with the potential for clients to be entrapped by their customers or suppliers. Jones pointed out that ransomware or initial breach can expose third-party providers’ IT vulnerabilities, which can be exploited by attackers at later dates.
Bitglass’ cofounder and CTO Anurag Kahol noted that law firms are prime targets for petty crooks. Cybercriminals find law firms a lucrative target because of the large amounts of PII they store and collect, including Social-Security numbers and driver’s license numbers as well as financial, and medical information.” he wrote in an email. Cybercriminals could use this data to commit financial fraud or identity theft, and even sell it for large profits on Dark Web marketplaces.
Why is Ransomware so successful?
This breach is very serious. The breach is serious. Businesses don’t have security. Cloudian, a storage provider, found that 49% of victims had their perimeter defenses in place but ransomware was still infiltrating.
Threatpost was told by Gary Ogasawara (CTO Cloudian), that businesses must plug any holes in encryption and storage that cannot be tampered with.
He said via email that ransomware strategies are becoming more sophisticated and can often lead to data theft and exploitation. Businesses must take immediate action to strengthen their defenses, especially for sensitive data. Organizations should encrypt data in flight and at rest to prevent hackers from reading or exposing it. They should also have an immutable backup copy of their data to prevent cybercriminals from infecting it. Combining encryption and immutability provides complete protection against ransomware attacks and eliminates the need for ransom.