After targeting two law firms in the past couple of months, a hacker group called Maze has struck the legal industry again, publicizing a ransomware attack on three small South Dakota firms and vowing to publicly publish their confidential data if the firms do not pay up. 

The firms, 22-lawyer Bangs McCullen, 27-lawyer Lynn, Jackson, Shultz & Lebrun, and 13-lawyer Costello Porter were listed Jan. 24 on one of the sites Maze uses to announce its targets. 

Brett Callow, a Vancouver-based security analyst for cybersecurity company Emsisoft, said Maze was upping the standard ransomware ante with its threats to publish the data it took. 

Callow has tracked Maze's activities for several months. In addition to the three law firms the group added to its list of public targets Jan. 24, Maze previously attacked 10-lawyer Houston-based Baker Wotring and Oregon-based, two-partner Hamilton & Naumes last month.

Traditionally, Callow said, such attacks would lock down a company's data and force it to pay to regain access. But Maze is both locking down the data and offering samples of the stolen information as "proof" that it could release the data to the public. 

Callow said Maze's original public site for posting the material, which be believes was hosted in Ireland, was shut down after an injunction. He said the most recent iteration of Maze's public sites were being hosted by two companies incorporated in China. 

Recent victims of Maze's ransomware, according to a statement from Callow, include the city of Pensacola, Florida, Allied Universal, Southwire, "an accounting firm, a medical testing lab, and medical practices." The stolen data was published in those cases, he said. 

This particular group has been on the legal industry's radar previously. Southwire, a Georgia-based cabling and wire manufacturer, sued Maze last month to stop the group from publishing sensitive company data to a public website the group put together to extort companies it had hacked. Southwire was represented by Mayer Brown. 

The three South Dakota firms, as well as Baker Wotring and Hamilton & Naumes, are all smaller firms. Callow said that it is often preferable for hacker groups to go after smaller entities because they can lack the financial resources to build sufficient infrastructure security. 

Law firms have long been a treasure trove of data for ambitious hackers. Client information and records can exponentially increase the variety of potentially profitable information that can be obtained from hacking a single firm. An ALM investigation from late in 2019 showed that hundreds of firms had been compromised over the previous five years, ranging in size from global giants to small, 20-lawyer firms with one office.

All five law firms mentioned in this piece and listed by Maze were contacted for comment regarding their respective data breaches. All either declined to comment or did not respond. 

Callow said that while reports of hacking are increasing, a majority of the time companies end up trying to "sweep it under the rug" by paying the ransom and moving on. He said he believes around only 10-to-20% of successful hacks are actually reported.

|

Read More:

More Than 100 Law Firms Have Reported Data Breaches. And the Problem Is Getting Worse