[BreachExchange] Legal services giant Epiq Global offline after ransomware attack

Destry Winant destry at riskbasedsecurity.com
Tue Mar 3 10:09:59 EST 2020


https://techcrunch.com/2020/03/02/epiq-global-ransomware/

Legal services giant Epiq Global has been hit by a ransomware attack.

The company, which provides legal counsel and administration and
counts banks, credit giants, and governments as customers, confirmed
the attack hit on February 29.

“As part of our comprehensive response plan, we immediately took our
systems offline globally to contain the threat and began working with
a third-party forensic firm to conduct an independent investigation,”
a company statement read. “Our technical team is working closely with
world class third-party experts to address this matter, and bring our
systems back online in a secure manner, as quickly as possible.”

The company’s website, however, says it was “offline to perform maintenance.”

A source with knowledge of the incident but who was not authorized to
speak to the media said the ransomware hit the organization’s entire
fleet of computers across its 80 global offices. According to an
internal communication sent to staff that was obtained by TechCrunch,
the law services company said staff should “not go” to their local
offices without managerial approval. Staff in offices were advised to
avoid connecting any device to the network. The communication also
said that staff should “turn off the Wi-Fi on your laptop before
entering the parking lot of the building” in an effort to prevent the
spread of the ransomware.

Many of the computers were running old versions of Windows, the source
said. “Nothing is up to date,” the source said.

The source came forward because, in their words, “we were told not to
tell clients anything until we are back in.”

It’s not immediately clear which kind of ransomware was used in the
attack, but Epiq Global said in its statement that there was “no
evidence” that data was stolen. Although ransomware typically infects
computers, spreads, and encrypts files across a network in exchange
for a ransom, some newer and more advanced ransomware families also
exfiltrate corporate data before encrypting the files and threaten
to publish the files unless a ransom is paid.

Just this week, Visser, a parts manufacturer for Tesla and SpaceX, was
hit by a more advanced, data-exfiltrating ransomware. A portion of the
files stolen from the company were published by the ransomware group.

Epiq spokesperson Catherine Ostheimer declined to disclose the details
of the ransomware, nor did she provide a percentage of the data or
computers impacted by the attack. Ostheimer also declined to confirm
the contents of the email obtained by TechCrunch.

None of our specific questions were addressed, including if the law
services giant had contacted its clients impacted by the attack.

“Our offices globally are open for business and we’re working with
third party experts to address this matter, and to bring our systems
back online in a secure way as quickly as possible,” the spokesperson
said.

