"Now for the next slide on Cyber-securi-"
The Ince Group has obtained an injunction to protect its confidential data after it was hit by a ransomware attack.
Cyber-attackers targeted Ince on 13 March, and threatened to publish stolen data on the dark web if the firm did not pay a ransom. On 1 April, the High Court granted the firm an injunction to block the use, publication or disclosure of any data taken from the firm's systems by the hackers.
A spokesman for the Ince Group told RollOnFriday that the injunction means that if the hackers publish the data "they may be held in contempt of court and imprisoned, fined or have their assets seized."
It is an illustration of the vulnerability of major law firms to this sort of attack, which is something lawyers working for these firms should be aware of. Ince advises on cyber security, but has now found itself to be a victim. The firm highlights its expertise on its website, and offers clients a "Cyber Security Assessment" to identify any existing vulnerabilities in their networks.
Notably, this case.
Ince's IT systems were disrupted following the cyber-attack. RollOnFriday was told by a source that staff had problems with their emails for three weeks, which had affected their ability to access certain emails and documents. Ince staff couldn't record time or raise invoices, either, said an insider. And there was no wifi in the office, so everyone had to WFH or, if they were in the office, to use "hotspotting off their phones".
The firm did not verify the extent of the IT issues, but did confirm there had been problems due to the cyber-attack. A spokesman said: “Whilst we have been experiencing some IT disruption as a result of this incident, where possible we’ve put work arounds in place to ensure client servicing can continue as normal; albeit, in some cases, with slight delays.”
It is not known who is behind the attack at this stage. But Ince is not the only firm that has been hit by hackers. A criminal law firm was recently fined after it failed to secure sensitive court files which were posted on the dark web.
In 2017, a cyber gang crippled DLA Piper's communication network for over two days. The hackers asked the firm to pay an unspecified wedge of bitcoin, but RollOnFriday understands that the firm refused to cough up. In 2020 a ransomware gang claimed that it was auctioning a media law firm's celebrity client files. Other hackers have merely forced law firms to sell diet pills, advertise busty brides and flog Viagra.
Comments
Sorry to ruin the illusion Ince, but if these guys are able to waltz through your security, they can almost certainly publish online without getting caught.
If I was a client at Ince, I’d be furious. Confidential client information may well end up online because of this.
Will hackers who are engaging in illegal activity and able to remain anonymous pay any attention to an injunction?
Am I missing something? Why would an injunction against anonymous hackers be in any way effective?
*images of criminal hackers swooning and clutching their pearls*
*images of criminal hackers laughing and clutching someone else's pearls*
Ah yes, the injunction against cybercriminals threatening to release data onto the dark web. Useful for nothing but generating fees, which in this case presumably won't exist as the firm is its own client.
The injunction only has utility when the hackers inevitably are caught. Contempt of court will weigh a lot heavier than the inevitable defence about the poor, poor client was just suffering from autism. These hackers probably operate internationally, so when they are caught, they will probably also be sent to the US.
These hackers are total amateurs. Who'd want to steal anything off Gordon Dadds?
Of course, a law firm has to be seen to be doing something ‘legal’. It may be helpful later down the line if another side tries to use that information in a deal/transaction.
Also, they won’t be doing the incident response themselves. They will be paying another firm to deal with it.
"What am I bid for this pdf of a Welsh pub licence?"
Worth noting that whilst this may have been a targeted attack it was more likely someone accidentally downloading malware.
Another reminder that everyone has a part to play in information security, the moment you think someone else is dealing with it is the moment you've lost.
The injunction is to show their clients the firm takes it seriously, given it’s the clients’ information. It’s otherwise meaningless unless it can be enforced against individuals but if they were known the police would arrest them anyway. It may possibly show other potential hackers that the firm won’t pay ransom monies as well, which they hope will deter future attacks.
They switched off the servers of the French part of Ince when the French told Gordon Dadds where to go, and in doing so destroyed all of the French firm's data.
Karma's a bitch. That same French firm is now throwing off several times more profit than aimless Ince. Go figure.
I just never feel sorry for Ince.
Ince is so crap it's laughable
Heh @ Lawyers offering "information security" solutions for clients.
1. "Here's a policy"
2. We recommend you should get someone to train your staff. No, we don't have any suggestions.
3. We understand that there are loads of tools/service providers out there to test penetration of your systems and how likely your staff are to click malware e-mails; You should find and incorporate them into your infosec systems. No, we don't have any suggestions.
4. You've been hacked? Oh dear. We can tell you the regulators you need to notify, the wording of notifications to your customers and what you should tell employees about their personal data making its way onto the dark web.
5. Actual forensic investigation of how/when they got in, is the malware still there, what data they looked at vs what they actually took...? Nope.
6. After step 4, we also suggest you instruct us to take out an ex parte injunction against persons unknown to demonstrate to your insurers that you've done 'absolutely everything' you could to try and mitigate your loss.
7. What do you mean "What do I do now"? Actually, on second thoughts ... here's a new policy.
Just received a letter from Ince regarding the cyber attack. Absolutely furious right now as I'm no longer employed with the company and I'm not sure how they archive your details but all my personal info has been compromised.
Hilarious: https://www.incegd.com/en/services/cyber-security
Cannot understand why the Law Gazette has chosen not to publish this article, yet in big headlines today it reads, Ward Hadaway blackmailed after cyber attack! Is there a selection process as to why they neglected to publish Ince Group cyber attack, or am I missing something! Just a thought