In May 2020, the midtown Manhattan entertainment law firm Grubman Shire Meiselas & Sacks (say that 5 times fast!) was hit by the REvil ransomware attack. This attack exposed the private legal affairs of some of the world’s biggest names, including music and film stars like Lady Gaga, Elton John, Robert DeNiro, (Our very own Todd Weller’s favorite:) KISS, AC/DC, Barbara Streisand (NOT BABS!), and Madonna. Media companies like Facebook, iHeartMedia, and HBO, and athletes like LeBron James, Carmelo Anthony, and Sloane Stephens.
Threatening to publicly post up to 756GB of stolen data in a nine stage release, the threat actors behind the attack offered the law firm screenshots of the stolen data. In essence, as quoted, “..To the modern day version of a kidnapper sending a pinky finger.”
To avoid the devastating blow to their reputation, the loss of their confidential customer data, and the sured onslaught of following lawsuits, the bad actors involved initially demanded a ransom of $21 million, which was later doubled to $42 million. The law firm released a statement in which they offered a grim warning to others who might face the same reality:
“……..Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom……We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law. Even when enormous ransoms have been paid, the criminals often leak the documents anyway.”
(Let me paraphrase: “Um..There is no way we are losing our house in the Hamptons…they can fend for themselves.”)
Law Firms are Common Targets for Hackers
When asked why he robbed banks, the infamous early 20th century thief Willie Sutton allegedly responded, “Because that’s where the money is.” In modern times, where currency translates to information and data, cybercriminal organizations would most likely respond, “Because that’s where the data is.”
At the end of the day, regardless of whether it’s a single-attorney practice, or a multinational law-firm, there is HUGE pressure on the legal services industry to up their security game. I mean, think about it.. what information do you share with your attorney? Would you want your confidential info posted publicly for the world to see? (*See also: John has a very lame life. When i think about it, no one would care.)
Resources on Law Firm Cybersecurity
The good news? There is a better way! Check out our newest paper, “Using Threat Intelligence to Protect Law Firms and Legal Services” to learn more about how the ThreatBlockr Threat Intelligence Firewall platform is helping law firms stay out of the papers and their customers off the shopping line gossip rags! Well, perhaps not yet…but we have helped many law firms protect not only their networks, but also their clients’ confidentiality and their firms reputation and credibility. You can read all about our work with Evans & Dixon in our legal industry case study!
To start protecting your law firm or legal services network with actionable threat intelligence today, call 1.855.765.4925 or email firstname.lastname@example.org.