Ransomware group BlackCat is claiming to have stolen 1TB of data from UK law firm Sills & Betteridge. According to a statement on its victim blog posted yesterday morning, the organisation – also known as ALPHV – claims to have stolen confidential client documentation and the personal data of staff, among other sensitive files. The group added in broken English that the law firm had three days to initiate negotiations for the ransom of the data, after which time “most of” the files would be published.
Headquartered in Lincoln, Sills & Betteridge employs 320 people and has become one of northern England’s largest solicitors’ firms after a series of mergers and acquisitions dating back to 2007. When Tech Monitor approached the law firm to confirm BlackCat’s claim, a spokesperson for Sills & Betteridge stated that it wished to make no comment at this moment in time. BlackCat has not provided any details on how it allegedly compromised Sills & Betteridge’s systems.
Law firms lucrative target for ransomware gangs
If confirmed, the hack would be the latest in a string of ransomware attacks in recent months against law firms across Europe and North America. Earlier this month, UK-based Allen & Overy announced that it had been breached, with the Russian hackers LockBit claiming credit for the attack. The case followed two more breaches at both the American and the New York City Bar Associations, which exposed the login information of some 1.5 million attorneys and 27,000 members respectively.
As repositories for sensitive data on both commercial and individual clients, legal organisations such as law firms and bar associations constitute lucrative targets for ransomware gangs, explains Dr Ilia Kolochenko, Adjunct Professor of Cybersecurity & Cyber Law at Capitol Technology University. What’s more, “law firms enjoy a very modest data protection regulation regime compared to such industries as banks or healthcare institutions, while processing data of the same or even higher sensitivity,” says Kolochenko. “We should expect a steady growth of sophisticated attacks against law firms in the near future.”
Who are BlackCat/ALPHV?
BlackCat is a ransomware-as-a-service criminal organisation believed to be based in Russia. The group has orchestrated several high-profile breaches in recent months, with victims as disparate as Reddit, Munster Technical University, Barts Health NHS Trust, Japanese watchmaker Seiko and Casepoint, a litigation technology provider.
BlackCat also raised eyebrows among cybersecurity analysts earlier this month when, after hacking the financial software provider MeridianLink, it claimed to have reported its victim to the US Securities and Exchange Commission (SEC) for failing to report the breach in good time. According to the group, MeridianLink had “failed to file the requisite disclosure under Item 1.05 of Form 8-K with[in] the stipulated four business days, as mandated by the new SEC rules” – ignoring the fact that these rules do not technically come into force until 15 December.