Cyber criminals published confidential information stolen from Brick Court Chambers as part of a huge alleged data theft, before removing it from public view.

Last week the chambers conceded that it was "aware of a potential cyber incident" and was "actively working with external cyber specialists to investigate the extent of any data breach".

RollOnFriday can confirm that the Medusa ransomware group attacked the chambers, and that it claims to have stolen 141GB of the set’s information which it made available for anyone to download.

Risking a hard drive muckier than a wayward priest’s, ROF installed the anonymising Tor browser and surfed through the dark web to track down Medusa's website.

Its front page displayed a running tally of the latest victims tagged with a ransom amount and a countdown clock, along with a list of the unfortunate organisations which did not pay on time and have had their stolen information released.

On Tuesday, the site showed that Brick Court’s data had been published. The relevant page had been viewed just over 1,000 times, though there was no indication of how many people, if any, had downloaded the data. 

ROF abstained from a cheeky peek for reasons of not wanting to die in a supermax prison, but did browse 43 preview screenshots which Medusa posted to prove the veracity of its heist. 


Believe it or not Medusa's site comes with a copyright notice.

The screenshots included time sheets, minutes of meetings, court documents, performance reviews, employment contracts, passports and even video conferences.


ROF has redacted this, though they were probably discussing something as anodyne as a leaky gutter or Dave's holiday plans. Why do we think that?


...because the minutes for this meeting were very dull. But we've redacted it anyway. Do better, hackers. (Please don't hack us.)

A file tree providing an overview of what was allegedly taken was also published by the hackers. Split into two parts, the ‘general’ section displayed folders on clerks, fees, HR, IT, DEI and marketing, while the 'secure' section listed folders covering more sensitive matters.

It wasn't necessarily the dynamite the hackers might have wanted. One of the ‘secure’ files appeared to refer to the contribution by five members of Brick Court Chambers to a chapter on investment arbitration in an encyclopedia of international procedural law, which is more likely to provoke narcolepsy than a ransom payment.

However, while browsing on the dark web for heroin and an assassin, ROF noted on Wednesday that the entry for Brick Court Chambers had been removed from Medusa's site. 

A spokesperson for the chambers declined to say whether it had paid a ransom on the basis that the incident was subject to a criminal investigation. 

The spokesperson told ROF, “We identified an IT incident, which we are investigating with the assistance of external cyber security specialists. We continue to conduct client business safely and securely. We are investigating this as a matter of urgency and keeping our clients and the relevant authorities updated with our progress”.

Cyber theft has established itself as an expensive annoyance for the legal sector, with A&O becoming one of the highest profile victims last year. It, too, was quiet on how much was paid to recover its data after an incursion into its systems.

    LU icon Join thousands of candidates from hundreds of firms and businesses on LawyerUp, the app where top employers get in touch directly when they like you for a role. It's available on the App Store and Google Play.

Thank you for taking part in RollOnFriday's survey of in-house lawyers. We use the results to write stories and reports. We don't take your name and so the answers you provide will be kept anonymous.
Your role
Your sector
When you're picking a firm, what's the most important factor?
How do you think the size of your in-house team will change over the next two years?
Will this be at the expense of instructing private practice?
How happy are you with your external lawyers working from home?
Tip Off ROF


Anonymous 24 May 24 08:24

The Medusa ransoms vary between $100k-$1m. But you can negotiate hard. I reckon they paid ~£50k. 

Any more and they were ill-advised. 

Anon 24 May 24 11:16

Since they get into big firms, they will get into small businesses.  But we also need a very strong commitment for all chambers to have cyber essentials plus at least in order to be allowed to operate - any weaker link in a chain by one is an opening into cases others are working on

Anon 24 May 24 11:50

Cyber essentials plus is a load of rubbish. It’s like telling a car driver to wear a crash helmet, instead chamgers should invest in their strategy overall. 

Too many law firms paying ransoms. 

Related News