Safeguarding Legal Excellence

In April 2016, German newspaper Süddeutsche Zeitung journalists Bastian Obermayer and Frederik Obermaier obtained 11.5 million documents from Mossack Fonseca, a Panamanian law firm. They reached out to the International Consortium of Investigative Journalists (ICIJ), which formed a team of 107 media organizations in 76 countries to examine the documents, later known as the Panama Papers. The files revealed widespread use of shell companies and intricate transactions for tax fraud.

The origin of the records, whether leaked by an anonymous insider or hacked, remains disputed. Mossack Fonseca claims a hack.

Cyber Attack Type: Hack or Insider Attack
Location: Panama City, Panama Cost: The firm closed in March 2018 Affected People: 300,000+

Post the Panama Papers revelation, implicated individuals, including Iceland’s then prime minister, Sigmundur David Gunnlaugsson, resigned. Governments globally recovered over $1.2 billion using the documents. Facing severe fallout, Mossack Fonseca shut its doors in March 2018.

In May 2020, Grubman Shire Meiselas & Sacks, a firm catering to the entertainment and media industries, fell victim to a ransomware attack by the notorious REvil group. The hackers, seeking a $21 million ransom initially, escalated their demand to $42 million. Lady Gaga's information, a client of the firm, was leaked to apply pressure, along with threats to expose details of other celebrities.

Cyber Attack Type: Ransomware
Location: Undisclosed
Cost: Undisclosed
Data Accessed: Undisclosed

Responding, the firm engaged top experts, tirelessly addressing the crisis. Despite reports of a $365,000 payment, the firm, following FBI advice, asserts not paying any ransom. While some data has been recovered, a substantial portion, potentially accessible on the dark web, remains unrecovered.

In June 2017, DLA Piper faced a ransomware assault that initially impacted its Ukrainian offices during a payroll software upgrade. The malware, identified as NotPetya, exploited the firm's "flat network structure," leading to rapid spread.

Following the attack, DLA Piper's global workforce experienced disruptions, unable to use telephones or email, with limited document access. Despite these challenges, the firm asserts no data loss, as backups remained intact.

Cyber Attack Type: Ransomware
Location: Ukraine, then Global
Cost: Millions in billable hours and restoration expenses

Responding to the incident, the firm's IT department logged 15,000 hours of paid overtime. Given the attack's severity, DLA Piper had to wipe and rebuild its Windows environment.

Three individuals from China aimed at the law offices of Cravath Swaine & Moore and Weil Gotshal & Manges with the intention of insider trading and acquiring confidential data related to ongoing mergers and acquisitions.

As per the U.S. government, Lat Hong, Bo Zheng, and Chin Hung garnered over $4 million in profits by trading on pilfered information from the law firms. Their unauthorized access allowed them to read emails of partners from both firms, revealing details about impending transactions involving public companies.

The indictment reveals that the defendants extended their targeting to five additional law firms, initiating at least 100,000 attacks on these entities.

Cyber Attack Type: Malware and undisclosed methods
Location: New York
Cost: $4+ million

In response to their illicit activities, the U.S. Securities and Exchange Commission imposed a fine of $8.8 million on the wrongdoers, surpassing double the amount they illicitly gained through insider trading.

In 2016, Moses Afonso Ryan Ltd., a law firm, endured a three-month ordeal when a ransomware attack crippled its essential files. The firm's billing system and documents were immobilised, impacting client payments and hindering access to crucial financial information.

Facing a disabled system, the law firm had no choice but to engage in ransom negotiations, eventually paying the demanded amount in Bitcoin. The toll of this incident amounted to nearly $700,000, encompassing lost client billings and the undisclosed ransom cost.

Cyber Attack Type: Ransomware Location: Providence, Rhode Island Cost: At least $700,000
People & Companies Affected: Unknown

To rectify the situation, Moses Afonso Ryan Ltd. was compelled to make upfront Bitcoin payments to the hackers and negotiate further Bitcoin releases. This unfortunate circumstance left the firm in disarray, rendering its employees unproductive for an extended period.

In April 2023, HWL Ebsworth, one of Australia's major law firms, fell victim to a ransomware attack orchestrated by the Russian-linked ALPHV/Blackcat ransomware-as-a-service group. Despite initially concealing the breach, the revelation came from ALPHV/Blackcat themselves, disclosing on a dark web forum that they had infiltrated more than 4TB of data. This included employee CVs, IDs, financial reports, accounting data, client documentation, and credit card information, along with a comprehensive network map.

HWL Ebsworth, seemingly reluctantly, issued a statement acknowledging the breach and committed to collaborating with the Australian Cyber Security Centre to assess the breach's extent and determine recovery and remediation measures.

Cyber Attack Type: Ransomware
Location: Australia
Cost: Undisclosed
Data Accessed: 4TB+ of personal and organisational information

Following the initial statement, the firm has maintained relative silence on the matter. However, in June 2023, ALPHV/Blackcat claimed to have published 1.45 terabytes of data on the dark web, purportedly stolen from HWL Ebsworth in late April, accompanied by the message: 'ENJOY!!!'