Fortune 500 law firm hacked by ransomware

Campbell Conroy & O’Neil, PC, a US law firm that serves many large corporations, told its clients that it was hit with ransomware in February and that the attackers may have stolen their data. The company is still dealing with the data breach.

The company serves clients across multiple industries, including Apple, Boeing, British Airways, Chrysler, Exxon Mobil, Fisher-Price, Ford, Honda, IBM, Jaguar, Monsanto, Toyota, and American Airlines, among others.

On Friday, the company said in a press release that it only realized on February 27 that it had been hit by a ransomware attack.

As of Tuesday morning, no major ransomware group had claimed responsibility for the incident.

Unfortunately for the company’s customers, plenty of ransomware groups like to run double extortion attacks. First, the attackers lock down the victim’s systems; then they threaten that, if the ransom demand is not met, they will leak the stolen data or use it for other attacks in the future. This tactic began to emerge in late 2019 and was quickly adopted by the attackers behind the Clop, DoppelPaymer, and Sodinokibi (aka REvil) ransomware families.

Data breaches caused by ransomware attacks have been plentiful recently. Fashion brand Guess is one example: it is still dealing with a data breach after suffering a ransomware attack from DarkSide last week.

If it turns out that the attacker is REvil, Campbell is in a difficult position. Because the gang’s servers were shut down last week, victims are unable to negotiate with them and have no way to pay the ransom to get the keys to unlock their files and restart their businesses. The same is true of DarkSide: its servers were shut down in May, too.

Campbell’s investigation has not yet determined whether the attackers obtained specific information about users, but the law firm does know that the attackers may have accessed users’ sensitive personally identifiable information (PII), which includes names, dates of birth, driver’s license numbers/state ID numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and online account credentials, among many others.

“Please note that whether or not this information was compromised varies from person to person, and for most people, very little data will be accessible to attackers,” the statement said.

After the incident, Campbell offered 24 months of free credit monitoring, fraud counseling and identity theft repair, but for now only for customers whose Social Security numbers or similar numbers were affected.

The law firm said in its press release that it engaged a third-party security investigator to investigate the breach and notified the FBI. A Campbell spokesperson told Threatpost that the company is fully operational and does not expect any significant impact on its clients or ongoing litigation.

Attackers may target suppliers and customers

The repercussions of an attack on a law firm with such a large number of clients are severe. Experts believe the attack can be compared to an earlier attack on a similarly influential law firm: the 2016 attack on Mossack Fonseca, which exposed how the law firm helped the super-rich hide their wealth. That attack also led to the “Panama Papers” scandal, in which the private information of the super-rich was leaked by the attackers.

Cybersecurity engineer Neil Jones pointed out to Threatpost on Monday that the attack could affect more users. “A ransomware attack can reveal IT vulnerabilities in third-party vendors that could later be exploited by attackers,” Jones said in an email.

Anurag Kahol, founder of Bitglass, pointed out that law firms are a ripe target. “Law firms are a lucrative target for cybercriminals because they collect and store large amounts of PII, such as social security and driver’s license numbers, as well as financial and medical information,” he said in an email. “Cybercriminals can use this data to commit financial fraud, engage in identity theft, or sell on darknet markets for high profits.”

Why is ransomware so successful?

The explosion of vulnerabilities is alarming. But looking back at earlier ransomware attacks, one has to wonder how they succeeded. It is not that companies have failed to take protective measures. A recent survey by storage provider Cloudian found that 49 percent of businesses that experienced an attack had defenses in place at the perimeter at the time, but ransomware was still able to penetrate.

Cloudian CTO Gary Ogasawara told Threatpost that companies must protect against breaches with encrypted and vulnerability-free storage.

“As ransomware attack tactics become more sophisticated and often lead to data theft and exploitation, businesses must take immediate action to harden their defenses,” he said via email. “All should have their data encrypted so hackers cannot read it. Also, most importantly, they should have an unalterable backup copy of the data, which prevents cybercriminals from infecting it with ransomware. Only this encryption combined with immutability ensures complete protection of data in the event of a ransomware attack.”
