May 30, 2023, updated 21 Aug 2023 3:52pm

BlackCat claims ransomware attack on lawtech platform Casepoint

The company, which works with US government departments, is being held hostage by one of the internet's most active ransomware gangs.

By Claudia Glover

Legal technology platform Casepoint has been posted on the dark web victim blog of notorious ransomware gang BlackCat. The company works with US government agencies including the Securities and Exchange Commission and the Department of Defence.

BlackCat posts legal technology company Casepoint to its victim blog. (Photo by Javier Chiavone/Shutterstock)

The gang claims to have over two terabytes of the company’s data, including attorney files, and “many other things you have tried so hard to keep”.

BlackCat posts Casepoint to dark web blog

Casepoint is a litigation technology platform with over 400 employees and revenue of $275m. Alongside its government contracts, customers include the Marriott Hotel chain.

This morning the company was the latest to be posted onto the dark web victim blog of BlackCat.

The post includes sample data showing visa details, a report and a certificate. 

“We encourage you to get in touch or we’ll start posting your data on our blog soon,” continues the post.

The announcement is unclear on what level of ransom has been demanded, and when the deadline is for the company to pay the ransom. Victims are usually given a set timeframe to respond before their data is dumped online.

Tech Monitor has contacted Casepoint for comment, but has not received a response at the time of writing. 

BlackCat victims usually pay up

BlackCat, also known as ALPHV, is a Russian-speaking ransomware-as-a-service gang, meaning its malware is available for other cybercriminals to buy and use. It is thought to have links to other infamous ransomware gangs like REvil, BlackMatter and DarkSide.

Its recent victims include international audit and consultation firm Mazars, posted to the gang’s blog last Monday alongside a threat to release 700 gigabytes of data.

Other victims include the Ecuadorian Army, US defence contractor NJVC and two German oil companies.

According to a recent report by security company Varonis, 90% of the gang’s victims end up paying the ransom, which typically ranges from $400k to $3m, usually demanded in cryptocurrency.

While the true number of BlackCat’s victims is unknown, over 20 organisations have been named on the group’s Tor leak site. Operating since November 2021, the gang favours victims globally, across the sectors of manufacturing, technology, energy and construction. 

The FBI highlighted in an advisory that the gang is also noteworthy for using the Rust programming language, something that is harder for researchers to decode. “Using Rust [is] considered to be a more secure programming language that offers improved performance and reliable concurrent processing,” the advisory issued last year said.
