Big law firm shuts down operations due to ransomware attack; users unable to access their files

Ethical hacking specialists report a serious ransomware incident that has infected internal networks at TrialWorks, a platform that provides a legal case management software service. During the incident, more than 10% of the platform’s users were unable to access their accounts and files.

The incident reportedly occurred during the first two weeks of October, affecting dozens of major law firms and individual users. Because of the infection, the affected law firms have had to request the postponement of some court cases, as they cannot submit their documentation at this time.

TrialWorks released a statement saying that
they were already working with cybersecurity firms to address the incident,
adding that users would not be able to access their accounts during the
recovery process: “Thank you for your patience; the recovery process will
take a few more days, so users will have limited access to our systems this
week,” the company’s message concludes.

A snippet of TrialWorks’ statement

The company did not add details about its recovery process, although ethical hacking specialists from the specialized platform BleepingComputer believe it is highly possible that TrialWorks decided to pay the ransom to the hackers, as it took TrialWorks only a couple of days to announce that its systems were already free of any trace of encryption malware. Details about the ransomware variant used by the attackers are also unknown, although the features of the attack bear similarities to an incident a couple of weeks ago against a medical software company, attributed to the hacker group known as REvil/Sodinokibi, which employs the malware variant of the same name.

“This ransomware variant is linked to
multiple high-profile infections, perpetrated by at least 40 threat actors
around the world,” say the experts in ethical hacking. Those responsible
for these attacks focus on software vendors and government organizations.
Although it is speculated that the company paid the ransom to regain access to its systems as soon as possible, experts mention that the service will remain inaccessible for the next few days: even if the hackers hand the decryption keys over to the victims, the process of removing the encryption takes a few days.

After its merger with Needles, another legal software platform, TrialWorks reached a total of 40,000 active users, belonging to about 2,500 legal firms; an estimated 4,000 users were reportedly affected by the infection.

While the company decided to pay the ransom to hackers, and even the FBI has included payment as a possibility to recover files in its guide to dealing with cybersecurity incidents, ethical hacking specialists from the International Institute of Security Cyber (IICS) claim that giving in to the demands of attackers only gives them greater resources to continue their malicious operations or even implement new forms of attack.

Update from TrialWorks

TrialWorks
was recently targeted by a ransomware incident that did not affect our
software but did prevent approximately
5 percent of our customers, whose IT infrastructure we host, from
accessing their accounts. Upon learning of this incident, we promptly
commenced an internal investigation and retained independent
cybersecurity experts to help us respond to this incident.
We have been working around the clock to restore normal operations for
our customers as quickly as possible, and nearly all customers have had
access restored within a week. We continue to be in direct communication
with our customers throughout this restoration
process, and regret any concern or inconvenience this incident may have
caused. Our investigation remains ongoing, and we are committed to
continuing to take steps to enhance the security of our systems and to
reduce our time to restoration as these incidents
become all too common in today’s world.
