24 Nov Hackers threaten to publish data from attack on legal services firm
Legal services firm Law In Order has been hit by a ransomware attack, with hackers claiming to have stolen data and threatening to publish it if the company fails to pay up within seven days.
The company is the latest in a string of high-profile ransomware victims, with logistics company Toll Holdings, beverage giant Lion and Downer-owned facilities management company Spotless also hit this year.
Hacking group NetWalker claimed responsibility for the attack on Tuesday and published what it claimed were screenshots of folders from Law In Order’s internal system on its dark web blog.
NetWalker also published extracts from Law In Order’s website, including that the company had “rigorous protocols” and “iron-clad security”.
One person working in the sector described e-litigation suppliers as the keepers of corporate Australia’s most sensitive secrets.
In a statement, Law In Order confirmed the attack and said it had taken defensive steps to limit access to its network which had subsequently “halted much of our business operations”.
The statement said the company had engaged cyber security advisers CyberCX, who were working to respond to the attack, and Law In Order was proactively advising customers who may have been affected.
“Over the weekend, Law In Order was the victim of a cyber security incident,” the statement said. “We are undertaking a thorough forensic investigation to understand the scope and details of the incident.
“We are assessing reports that a very small proportion of data on Law In Order’s servers has been exfiltrated and proactively advising customers who may be impacted.
“We are making progress. However, it is important that we do this methodically and safely as we work to resume normal business operations.”
Law In Order did not respond to questions about whether the company was considering paying a ransom.
Spokespeople for K
“We take the security and confidentiality of our client information extremely seriously and we are actively working with Law In Order to understand the nature and extent of the breach and the extent to which it impacts KWM and our clients,” a KWM spokeswoman said.
Brett Callow, a threat analyst for Emsisoft, said the NetWalker ransomware-as-a-service operation specifically targeted larger organisations.
“Like multiple other ransomware operations, NetWalker steals its victims’ data and uses the threat of releasing it online as additional leverage to extort payment,” Mr Callow said.
“Ransomware continues to become increasingly problematic. The average demand has increased from about $US5000 [$6835] in 2018 to more than $US150,000 today.
“Additionally, the fact data is stolen means that incidents are very often data breaches which can result in sensitive information leaking online and, of course, expose organisations to legal liability issues.”
While screenshots of internal folders may indicate penetration of the company’s systems, it does not mean data was copied or removed.
A similar attack and blog post from another ransomware operator last week on the Melbourne branch of accounting firm Nexia did not, according to the company, result in any data being stolen.
Emsisoft estimates ransomware will cost the Australian economy about $US160 million in 2020 in terms of ransom demands.
“When downtime is factored in, the cost increases to more than $US1 billion – and that’s an extremely conservative estimate,” Mr Callow said.
Law In Order is also working with the Australian Federal Police and the Australian Cyber Security Centre.