Three Law Firms Breached by REvil

by: Sharon D. Nelson, Esq.

Security Boulevard reported on June 5th that the cybercriminals who make up the REvil ransomware gang have launched an auction site where they plan to sell stolen data they were unable to ransom. Previously, REvil claimed to have stolen data from Grubman Shire Meiselas & Sacks, a law firm that primarily serves celebrities, and Agromart, an agricultural company based in Canada. Other apparent victims include Wartman Law Firm, Fraser Wheeler and Courtney LLP and Vierra Magen Marcus LLP.

We don't really know how sensitive the stolen data is. It may be of more interest to a rival law firm to understand, for example, how business deals were put together than of use to someone looking for salacious celebrity material.

DarkOwl, a provider of a search engine service optimized for the Dark Web, has provided regular updates on the activities of the REvil ransomware gang. However, DarkOwl CEO Mark Turnage warns there are plenty of other cybercriminals offering all kinds of data for sale that most of the organizations affected often know nothing about. As cybercriminals have become more adept at identifying data that might be of interest to specific parties, Turnage said the effort to either extort money or simply sell data on the Dark Web has become more sophisticated.

Something else to worry about, right?

Right now, some are paying the ransom and hoping that the data thieves are honorable (I would not bet the mortgage money on that). Some do not pay ransom – they have robust backups so they are OK on the tech front. They can't usually be sure whether the criminals have the data or how important the data is. Turnage has noted that claiming to have certain data that never existed is becoming part of larger disinformation campaigns that are being launched via the Dark Web.

Some organizations are proactively monitoring the Dark Web to determine if their data is already for sale or if they are about to become a target. This has become a big business, but we are not at all certain that there is any real way to monitor everything. Certain well-known sites can be monitored but the Dark Web is wide and deep, without any clear road map. Some of what companies claim they can do strikes us as dubious.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology