Allen & Overy law firm breached, LockBit takes credit

Top global law firm Allen & Overy (A&O) said some of its systems have been impacted due to a “data incident” claimed by the LockBit ransomware group.

The London-based corporate law firm sent a statement to Cybernews confirming the incident Thursday.

“We have experienced a data incident impacting a small number of storage servers,” an A&O spokesperson said.

“Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected,” they said.

The company also said it “took immediate action to isolate and contain the incident” and that an outside cybersecurity advisor was brought in to help assess “exactly what data has been impacted.”

Threat intelligence platform first posted about the LockBit claim November 7th on X, along with a screenshot showing A&O listed on the group’s dark leak site.

“LockBit #ransomware group had added Allen & Overy to their victim list. They claim to publish the data on November 28th, 2023,” the X post stated.

The firm continues to operate normally with limited disruption due to the containment procedures, A&O said.

Founded in 1930, A&O has roughly 5500 employees and over 500 partners spanning 31 countries, according to its website.

The company said it would be informing affected clients while forensic investigations and remediation take place.

“We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority,” the spokesperson said.

Last month, Allen & Overy announced a merger with another legal powerhouse, the New York-based Shearman & Sterling, similar in size and prestige.

The newly minted "A&O Shearman" will create one of the largest corporate law firms in the world, boasting 4000 lawyers and 800 partners spread across 48 offices, according to the new company.

Law firms increasingly targeted by hackers

Britain's National Cyber Security Centre put out a warning to law firms this past June, claiming that practices were increasingly being targeted by hackers looking to get their hands on sensitive documents that could be used to sway legal cases.

And, last year, the Solicitors Regulation Authority – a regulatory body for solicitors in England and Wales – also cautioned law firms that the growing dependence on technology following the Covid-19 lockdowns had created "more opportunities for cybercriminals."

Meanwhile, several other smaller legal practices were also claimed on LockBit’s victim blog in recent weeks. All the victims have publishing deadlines coming up within the next few days.

The firms include labor and employment law group Kaufman Borgeest & Ryan in New York City; Mississippi family and personal injury attorneys Holland & Hisaw; and the Chicago immigration Law Office of Marcia Binder Ibrahim.


This spring, the New York City white-shoe law firm Cadwalader, Wickersham & Taft notified more than 90,000 clients that their information was compromised by hackers who had gained access to company systems the previous November.

Several major law firms were also hit by the Cl0p ransomware group as part of the MoveIt hacking spree.

Major New York law firms Kirkland & Ellis, Proskauer Rose, and Pittsburgh’s K&L Gates were listed among the hundreds of victims targeted by the gang this past June.

Cl0p was able to take advantage of a zero-day vulnerability in the MoveIt file transfer software system used by the firms, and by thousands of other companies worldwide.

Stolen files allegedly belonging to all three victims were published on Cl0p’s dark leak site and torrents page at some point this summer.

LockBit's path of destruction

The LockBit group first appeared on the ransomware scene sometime in late 2019.

According to the Cybernews research team, LockBit was the most active ransomware gang of last year, and has been just as active in 2023.

Overall, the threat actors are said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa, raking in tens of millions in Bitcoin ransom payments.

So far this year, LockBit has already claimed multiple high-profile companies, including, most recently, aerospace giant Boeing, Britain's Royal Mail, and TSMC, the world’s largest semiconductor manufacturer.


The gang operates on a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct attacks using LockBit ransomware tools and infrastructure, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

Because of the large number of unconnected affiliates using LockBit ransomware, attack methods can vary widely.

The LockBit ransomware variant, now in its third iteration, is considered the most deployed ransomware variant across the world.
