
All of Epiq's systems are officially up and running again. The e-discovery and managed services company had taken its global systems offline in late February after detecting "unauthorized activity" that an investigation later revealed to be a "Ryuk" ransomware protocol attack.

According to a statement posted to the company's website on Thursday, the cybersecurity firm Mandiant found no evidence that any client data was accessed or exfiltrated. "There has been no evidence of malicious activity in our system since March 1, 2020, and the attack did not impact our backup systems or data," read the statement.

In March, Epiq revealed the specific business elements impacted by the Ryuk ransomware attack, including the company's Restructuring and Bankruptcy, Class Action and Mass Tort, and Legal Solutions components. According to the Center for Internet Security, Ryuk is a type of crypto-ransomware that blocks access to a system or file to extort payment via Bitcoin. It's typically dropped into a system via the banking trojan TrickBot, which Epiq also acknowledged finding evidence of inside its systems.

To contain the spread of the threat, the company took all of its global systems and data centers offline. Each system was then tested and brought back online one by one with assistance from Mandiant, IBM and Microsoft. As of March 19, Epiq indicated it had restored access to over 90% of its client-facing systems.

Meanwhile, partners were not immune to the outages. For instance, shortly after news of the Epiq attack first broke, Shawn Gaines, VP of marketing at Relativity, confirmed to LTN that Epiq-hosted instances of Relativity had been impacted.

Now with Thursday's announcement that all systems have been restored, Epiq appears to be focused on what's next. The company said it has worked closely with Microsoft and IBM to implement additional "hardening measures" to improve the security of its network.

"We have learned a great deal from this incident, including that no company is immune to increasingly sophisticated cyber attacks in today's dynamic threat landscape, and we are committed to sharing key lessons learned in the coming weeks," Thursday's statement read.
