Ransomware groups often promise to keep everything confidential if their victim pays them. They can’t do that if their chats are not secure and someone is able to shoulder-surf or otherwise get access to the negotiations and any files provided by the attackers as proof — or any bitcoin wallet addresses. If victims think or hope that they will be able to keep a breach under wraps and not have to tell anyone, they may be in for a rude awakening. DataBreaches does not know what the victim in this incident intended or intends, but the attack they experienced was publicly revealed by SuspectFile.
SuspectFile reports that the Buckley King LPA law firm was attacked by BlackBasta and agreed to pay a ransom demand. It reports, in part:
Last April the BlackBasta gang managed to enter the law firm’s IT network thanks to social engineering; an employee of the Buckley King LPA allegedly executed an infected attachment present in an e-mail.
According to SuspectFile, BlackBasta informed the law firm’s negotiator that they had 110 GB of files and wanted $400,000 to delete data, provide a decryptor, and provide a “security report.” They eventually settled for $150,000.00.
From the detailed reporting, SuspectFile was apparently able to follow the interactions and even the payments, reporting that 6 bitcoins (161,574.00 USD) was the total amount of the transaction, but 5.41537733 bitcoins (145,830.70 USD) were deposited in the wallet indicated by BlackBasta while 0.58457449 bitcoins (15,742.01 USD) were transferred to another wallet.
They were also able to obtain a copy of the file tree that was presented to the victim as proof. It reportedly contained over 230,000 directories and more than 760,000 files.
Does Buckley King intend to notify all their clients whose personal information or confidential files had been acquired by criminals? SuspectFile reports that the firm has not provided them any statement about the incident, despite requests. DataBreaches has also sent the law firm an inquiry. Their home page advertises “get straight answers.” We hope we do get straight answers and will update this post if a reply is received.