Epiq Logo New

This story has been updated with a statement Epiq released on Saturday.

Visitors to Epiq Global's website on Monday likely received the following message: "Our corporate web site is offline to perform maintenance." The e-discovery and managed services company took its systems offline on Saturday after detecting "unauthorized activity" that a spokesperson has since confirmed as a ransomware attack. The outage was first reported by legal tech journalist Bob Ambrogi.

"As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation. Our technical team is working closely with world class third-party experts to address this matter and bring our systems back online in a secure manner as quickly as possible," read a statement Epiq released on Monday.

The statement also specified that there has been no evidence of unauthorized data transfers, misuse, or exfiltration. However, the timeline for bringing Epiq's systems back online is still unclear—which could pose issues to customers with projects to complete.

Shawn Gaines, VP of marketing at Relativity, confirmed that Epiq-hosted instances of Relativity, for example, were impacted by the outage. He also clarified that the issue isn't related specifically to Relativity Server or RelativityOne broadly. "We know Epiq is working diligently to address the outage, and we've been in touch if there's anything we can do to help," Gaines said.

On Monday evening, TechCrunch cited an anonymous source with knowledge of the incident who claimed that the ransomware hit Epiq's "entire fleet of computers across its 80 global offices." The site also referenced an internal Epiq communication it had obtained telling employees not to go to their local offices without managerial approval and to turn off the Wi-Fi on their laptops before entering the parking lot of the building to avoid spreading the ransomware. However, TechCrunch also noted that an Epiq spokesperson had declined to confirm the contents of the internal email the site obtained or disclose the amount of data or computers impacted during the attack.

To be sure, Epiq is not the first technology vendor present in the legal industry to face a cyber-incident. In October 2019, case management platform TrialWorks disclosed to clients that it had been affected by a ransomware incident. Earlier that year, the Photon Research Team at software provider Digital Shadows realized that configuration errors had rendered 2.3 billion files accessible online.

This story was update to reflect a Monday evening report from TechCrunch.  Legaltech News will continue to update this story as more is known.

 March 9 update: Epiq updated its original statement on Saturday to reveal that "Ruyk" ransomware protocol was used in the attack. The company also listed the specific business components that were impacted by the incident:  Restructuring and Bankruptcy, Class Action and Mass Tort and Legal Solutions, which contains Epiq's e-discovery and document review services. The updated statement is located here.

Wednesday update: Epiq's website is now operational and Monday's statement has been added to the homepage. "Our technical team is working closely with world class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible. At this time there is no evidence of any unauthorized access, transfer or misuse or exfiltration of any data in our possession. We will continue to provide timely updates until this situation is resolved," reads the statement in part. 

|