Numerous law firms have been hacked in the past few years, or worse, attacked with the double whammy of having copies of their files exfiltrated before their systems were encrypted. What may surprise the public is how some of the bigger law firms refuse to pay ransom — either for a decryptor key or to get the threat actors to agree to destroy copies of any files they had acquired. As but one example, when Sodinokibi (REvil) threat actors attacked the entertainment and media law firm Grubman Shire Meiselas & Sacks, they demanded $21 million. The law firm’s negotiators made a much lower offer, and the threat actors then doubled the demand to $42 million. When the law firm still didn’t pay, the threat actors tried auctioning off different celebrities’ files in bundles. No one seemed to bid on any of them.
Similarly, you can find other law firms listed on dedicated leak sites (DLS) created by different ransomware groups. The fact that they are publicly listed means that they didn’t pay the demanded ransom.
Today, another law firm, Seyfarth Shaw LLP, disclosed a ransomware attack. The fact that they disclosed it themselves immediately removed one of the threats these groups make — to make the attack public and harm the entity’s reputation by showing that they failed to secure sensitive information.
Does that mean that the victim will not pay any ransom? That decision, if it has not been made already (and DataBreaches.net does not know if any decision has been made), may depend on a number of factors, including, but not limited to, their view on paying ransom, whether they have cyberinsurance that would cover it, whether they can recover or restore files without a decryption key, whether they can function for any length of time without their email system or other affected systems, and whether the publication of any files that may have been exfiltrated would be so damaging or harmful that they decide to pay ransom in the hopes of the files not being made public. Here is their notification to date:
On October 10, 2020, Seyfarth was the victim of a sophisticated and aggressive malware attack. At this time, our email system remains down. Our phone system is still functioning but if you are unable to reach your contact at the firm, please fill out this Contact Form.
We will continue to update this page with information as it becomes available. Click below for more information.
On Saturday, October 10, 2020, Seyfarth was the victim of a sophisticated and aggressive malware attack that appears to be ransomware. We understand that a number of other entities were simultaneously hit with this same attack. Our monitoring systems detected the unauthorized activity, and our IT team acted quickly to prevent its spread and protect our systems. We have found no evidence that any of our client or firm data were accessed or removed. However, many of our systems were encrypted, and we have shut them down as a precautionary measure.
Our clients remain our top priority, and we will continue to do everything necessary to protect their confidential information and continue to serve them. We are coordinating with the FBI and are working around the clock to bring our systems back online as quickly and safely as possible.
While our phone system has not been affected, you can get a message to us via this Contact Form if you are having difficulty reaching us. We will also provide updates on our website and share information as it becomes available.