In May 2020 hackers hit A-list law firm Grubman Shire Meiselas & Sacks of New York. The firm whose clients include Lady Gaga, Drake, Madonna, Rod Stewart, and Robert De Niro. The hackers claim to have 756 gigabytes of data including contracts and personal emails.
A $42-million ransom demand came from criminal group called REvil threatening to release damaging documents.
In May 29, 2020 in California IP law firm Vierra Magen Marcus had data stolen relating to major businesses. Screengrabs purportedly posted on the dark web by REvil show folders listed under the IP firm’s name alongside an index note of high profile organisations including the US Navy, ExxonMobil, L’Oreal, Nissan, Daimler Chrysler, Honeywell and LG Electronics, as well as other well-known businesses. One of the screenshots refers to an archive download of 1.2TB.
The group’s objective was to prove to the company that they had access to the network and to scare them into paying.
In June 2017 DLA Piper LLP one of the largest law firms in the world, was hit by a ransomware attack that infected hundreds of thousands of computers across their platform globally. The global cyber event encrypted all affected files and requested a ransom of $300 in bitcoin to regain access or avoid threat of deletion. It took the firm at least 6 months to rebuild its IT capability costing millions.
The ASD Essential 8
But small and large firms can still enact measures in the ASD Essential 8 such as application whitelisting, privileged account management and multifactor authentication and train employees to spot phishing attempts. All it takes is one malicious phishing email to be clicked on by an employee. Now that bad actor has gained the username and password for that employee, and circumvented that firewall they are into your data.
While companies often claim to have been victims of a ‘highly sophisticated cyberattack,’ the reality is that, in many cases, the attacks only succeeded because basic best practices were not followed. “Problems such as weak passwords, a lack of multi-factor authentication and non-patching are, unfortunately, all too common.
Jack Drewe, Risk Advisor Securite.
