Law firm working with Fortune 500 companies struck by ransomware attack

Campbell Conroy & O’Neil P.C., a leading law firm that counts among its customers some of the world’s largest companies such as those in the Fortune 500, has been struck by a ransomware attack.

The firm first detected the attack on Feb. 27 and an investigation determined that the attack involved ransomware preventing access to certain network files. While noting July 16 that it can’t confirm that data was stolen, the firm did say that there was a rich trove of data on the targeted system.

Data potentially stolen includes names, dates of birth, driver’s license and state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data and online account credentials.

Campbell Conroy & O’Neil added that it has employed third-party forensic investigators and alerted the U.S. Federal Bureau of Investigation.

Exactly how many Campbell Conroy & O’Neil clients may have had data stolen is unknown, clients include Exxon Mobile Corp., Apple Inc., Mercedes Benz, Toyota Motor Sales USA Inc., Honda North America Inc., Boeing Co., Home Depot Inc., British Airways plc, The Dow Chemical Co., PECO Energy Co., Allianz SE, Universal Health Services Inc., Marriott International Inc., Johnson & Johnson, Pfizer Inc., Time Warner and many others.

“Law firms are an extremely lucrative target to cybercriminals due to the massive amounts of personally identifiable information they collect and store such as Social Security driver’s license numbers, as well as financial and medical information,” Anurag Kahol, co-founder and chief technology officer of cloud access security broker Bitglass Inc., told SiliconANGLE. “Cybercriminals can leverage this data to commit financial fraud, engage in identity theft, or sell for high profits in dark web marketplaces.”

Stephan Chenette, co-founder and CTO at security optimization platform provider AttackIQ Inc., noted that ransomware attacks often have collateral damage and impact beyond the ransom.

“The incident not only impacts Campbell Conroy & O’Neil itself but also its clients, who are some of the world’s largest corporations,” Chenette explained. “As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom – it is likely that the organization will suffer reputational damage, legal consequences and loss of data and business.”

Ilia Kolochenko, founder of application security company ImmuniWeb SA and a member of Europol Data Protection Experts Network, believes that the most valuable data from the law firm was not personally identifiable information but rather those behind the attack were searching for more sensitive information.

“Smart cybercriminals are chasing for sensitive dossiers of wealthy or politically exposed customers, looking for attorney-client privileged information or other sensitive litigation-related data,” Kolochenko said. “Modern cyber gangs are well aware of it, and on the dark web, there are dedicated channels to buy and sell data from compromised law firms.”

Worse, he added, “in some jurisdictions, stolen data, especially related to serious tax fraud, can be admitted in court proceedings both in civil and criminal cases. If such data was compromised, the criminals will almost certainly try to extort the law firm and its clients in parallel.”

Image: Wikimeida Commons