Epiq Global Takes Systems Offline Following Ransomware Attack
E-discovery and managed services company Epiq Global announced on Monday that it had taken its systems offline after detecting "unauthorized access." A timeline for bringing the systems back online again is still unclear.
March 02, 2020 at 05:39 PM
3 minute read
This story has been updated with a statement Epiq released on Saturday.
Visitors to Epiq Global's website on Monday likely received the following message: "Our corporate web site is offline to perform maintenance." The e-discovery and managed services company took its systems offline on Saturday after detecting "unauthorized activity" that a spokesperson has since confirmed as a ransomware attack. The outage was first reported by legal tech journalist Bob Ambrogi.
"As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation. Our technical team is working closely with world class third-party experts to address this matter and bring our systems back online in a secure manner as quickly as possible," read a statement Epiq released on Monday.
The statement also specified that there has been no evidence of unauthorized data transfers, misuse, or exfiltration. However, the timeline for bringing Epiq's systems back online is still unclear—which could pose issues to customers with projects to complete.
Shawn Gaines, VP of marketing at Relativity, confirmed that Epiq-hosted instances of Relativity, for example, were impacted by the outage. He also clarified that the issue isn't related specifically to Relativity Server or RelativityOne broadly. "We know Epiq is working diligently to address the outage, and we've been in touch if there's anything we can do to help," Gaines said.
On Monday evening, TechCrunch cited an anonymous source with knowledge of the incident who claimed that the ransomware hit Epiq's "entire fleet of computers across its 80 global offices." The site also referenced an internal Epiq communication it had obtained telling employees not to go to their local offices without managerial approval and to turn off the Wi-Fi on their laptops before entering the parking lot of the building to avoid spreading the ransomware. However, TechCrunch also noted that an Epiq spokesperson had declined to confirm the contents of the internal email the site obtained or disclose the amount of data or computers impacted during the attack.
To be sure, Epiq is not the first technology vendor present in the legal industry to face a cyber-incident. In October 2019, case management platform TrialWorks disclosed to clients that it had been affected by a ransomware incident. Earlier that year, the Photon Research Team at software provider Digital Shadows realized that configuration errors had rendered 2.3 billion files accessible online.
This story was update to reflect a Monday evening report from TechCrunch. Legaltech News will continue to update this story as more is known.
March 9 update: Epiq updated its original statement on Saturday to reveal that "Ruyk" ransomware protocol was used in the attack. The company also listed the specific business components that were impacted by the incident: Restructuring and Bankruptcy, Class Action and Mass Tort and Legal Solutions, which contains Epiq's e-discovery and document review services. The updated statement is located here.
Wednesday update: Epiq's website is now operational and Monday's statement has been added to the homepage. "Our technical team is working closely with world class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible. At this time there is no evidence of any unauthorized access, transfer or misuse or exfiltration of any data in our possession. We will continue to provide timely updates until this situation is resolved," reads the statement in part.
|NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250