Cybergang REvil has allegedly hacked an IP law firm in the US and stolen data relating to major businesses and even the US Navy.

The criminals have allegedly hacked Vierra Magen Marcus, an IP firm based in California. RollOnFriday has seen screengrabs purportedly posted on the dark web by REvil which show folders listed under the IP firm's name alongside an index note of high-profile organisations including the US Navy, ExxonMobil, L'Oreal, Nissan, Daimler Chrysler, Honeywell and LG Electronics, as well as other well-known businesses. One of the screenshots refers to an archive download of 1.2TB.

At present, RollOnFriday understands that no actual documents relating to Vierra Magen Marcus or its clients have been published on the dark web. Brett Callow, a threat analyst at anti-malware business Emsisoft, told RollOnFriday: “At this point, the group’s only objective is to prove to the company that they had access to the network and to scare them into paying.” He added, “it’s the equivalent of a kidnapper sending a pinky finger.”


Not sure IT has a handle on this


It is not known whether REvil has issued a message to the firm outlining any demands. And of course it could be a hoax. RollOnFriday has contacted the firm repeatedly, but it did not respond to requests for comment.

REvil recently hacked Grubman Shire Meiselas & Sacks, from which it has demanded $42 million not to reveal documents about the firm's celebrity client base. Its tactics have proved lucrative. In January this year, the group managed to extract a ransom of $2.3 million in bitcoin from Travelex after encrypting the company's files.

"While companies often claim to have been victims of a 'highly sophisticated cyberattack,' the reality is that, in many cases, the attacks only succeeded because basic best practices were not followed," Callow told RollOnFriday. 

"Problems such as weak passwords, a lack of multi-factor authentication and non-patching are, unfortunately, all too common," said Callow. "This needs to change and companies must do a better job of protecting the data that their clients and business partners have entrusted to them - and especially companies which, like law firms, hold extremely sensitive information." 

In the good old days, hackers merely forced law firms to sell diet pills, advertise busty Russian brides and flog Viagra.


Comments

FoolsRussian 29 May 20 09:27

Jesus. Is this amateur hour? It's not brain surgery.  Firewall, anti-malware, encrypted mirror servers backed up at daily and weekly intervals at remote sites so you can roll back to an earlier image if required. Any firm with a CTO worth a paycheck can get an off-the-shelf solution which makes their system very difficult to hack and easy to restore from backups if compromised. If this happened to a UK firm, the SRA should rightly kick its arse hard.

Cyber security lawyer 29 May 20 10:40

@9:27

All of that is reasonable advice, particularly when addressed to the problem of ransomware and firms that cannot recover to an operational state if attacked.  But the REvil attacks seem to be about the breach of confidence not about the loss of availability. However many backups you have is immaterial to whether or not confidential client information is leaked.  Firewalls, antimalware and encryption are all part of the picture although multifactor authentication is probably the number one issue especially with everyone moving stuff to the cloud.

That's not to say, though, that there isn't a role for regulation in ensuring that law firms live up to expectations in securing client data.  

If, not when 29 May 20 13:24

Law firms need to take this more seriously than many of them do now. If data is the new oil, then access to client data is extremely vulnerable. At the moment, as "Cyber security lawyer" @10.40 suggests, these law firm hacks have largely been limited to "nyah, nyah ... we're in! Now pay up, law firm or we'll shut everything down/delete everything!" 

It's when organized crime moves in and accesses draft prospectuses, draft court orders and deal rooms and acts on insider information, that we will see law firm information security failures really come under the microscope. Look out for that lawsuit from the client who has had to abandon its IPO ....

As the ICO has an enforcement power over UK law firms, including financial sanctions, it will be interesting to see how cyber security risks figure over the next few years. Might be embarrassing to boast about your cyber law department's expertise if you've been hacked? (Not that it stops Deloitte offering cyber risk consulting.)

Anonymous 05 June 20 07:39

In other US news, the Mueller investigation was not the only investigation into Donald Trump. While Mueller dealt with criminal wrongdoing, intelligence and security malfeasance was investigated by a separate unit the existence of which was not disclosed. Thus while Mueller took the heat the other investigation was permitted to pursue its enquiries unmolested.

It is nearly ready to report.  Trump found out about it on May 15.  That was when he started tweeting Obamagate and tried to work towards a military coup.  Senior military officers both current and retired have come out in increasing numbers to remind everyone that the military swear an oath to protect the constitution including the people's right to protest.

I wonder what, if anything, they know.
