Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherBrowse by ChannelAbout the NetworkJoin the NetworkProductsSub-MenuProducts OverviewBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAbout UsContactSubscribeSupport
Book a Demo
Search
Close

Ransomware Attacks Hit Three Law Firms in Last 24 Hours

By Bob Ambrogi on February 1, 2020
Email this postTweet this postLike this postShare this post on LinkedIn
ransomware-2320941_1280

Five U.S. law firms — three in the last 24 hours — have been among the companies and organizations targeted by a new round of ransomware attacks. In two of the cases, a portion of the firms’ stolen data has already been posted online, including client information.

This according to Brett Callow, a threat analyst with Emsisoft, a cybersecurity company that is also an associate partner in the No More Ransom Project, an initiative between multiple law enforcement agencies and the private sector.

Hackers have stolen data from at least five law firms, using the threat of releasing the data to extort payment from the firms, Callow said. In the two cases in which hackers already posted law firm data, they published it on the clear web where it can be viewed by anybody.

The hackers are using the so-called Maze ransomware, which was the subject of a warning issued to companies earlier this month by the FBI. Earlier this week, Ars Technica reported that victims of the Maze  ransomware attacks have included a grocery chain, a CPA firm, and a college.

The hackers infiltrate systems using email with malicious attachments, Callow said. He does not know the exact nature of the emails being used against law firms, but he assumes they are being crafted in such a way that lawyers are likely to open them.

Their modus operandi is to initially name the companies they’ve hit on their website and, if that doesn’t convince the companies to pay, to publish a small of the amount of their data as “proofs.”

“This makes sense,” Callow said. “The more data they publish and the more sensitive that data is, the less incentive an organization has to pay to prevent the remaining data being published. It’s the equivalent of a kidnapper sending a pinky finger.”

If the organization still doesn’t pay, the remaining data is published, sometimes on a staggered basis, he said.

The group has also published data in Russian hacker forums with a note to “Use this information in any nefarious ways that you want,” Callow said.

Once a company does pay, then its name is removed from Maze’s website.

If any reader has more information on the nature of the emails being used, please let me know and I’ll update this post.

Photo of Bob Ambrogi Bob Ambrogi

Bob is a lawyer, veteran legal journalist, and award-winning blogger and podcaster. In 2011, he was named to the inaugural Fastcase 50, honoring “the law’s smartest, most courageous innovators, techies, visionaries and leaders.” Earlier in his career, he was editor-in-chief of several legal…

Bob is a lawyer, veteran legal journalist, and award-winning blogger and podcaster. In 2011, he was named to the inaugural Fastcase 50, honoring “the law’s smartest, most courageous innovators, techies, visionaries and leaders.” Earlier in his career, he was editor-in-chief of several legal publications, including The National Law Journal, and editorial director of ALM’s Litigation Services Division.

Read more about Bob AmbrogiEmailBob's Linkedin ProfileBob's Twitter ProfileBob's Facebook Profile
Show more Show less
  • Posted in:
    Technology
  • Blog:
    LawSites
  • Organization:
    Bob Ambrogi
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • Resource Center
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center
  • Blogging 101

New to the Network

  • Beyond the First 100 Days
  • In the Legal Interest
  • Cooking with SALT
  • The Fiduciary Litigator
  • CCN Mexico Report™
Copyright © 2025, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo