Cl0p Hackers Hit Three of the Biggest U.S. Law Firms in Large Ransomware Attack

BLUF: Law firms Kirkland & Ellis, K&L Gates and Proskauer Rose were the hacking group’s primary legal targets.

Three of the largest U.S. law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people, reports said.

Who Got Hit?

Law firms Kirkland & Ellis, K&L Gates and Proskauer Rose were the hacking group’s primary legal targets this time around, according to?RollOnFriday, a London, U.K.-based legal professional website. The gang has posted the names of the law firms on their leak site, along with dozens of other victims. The break-in was reportedly orchestrated over the Memorial Day weekend.

Cl0p is known for its large ransom demands, at times starting at $3 million for a opening negotiating point. That it has posted the law firms’ names on its leak site may indicate that talks have broken down.

The U.S. Department of Health and Human Services (HHS) was among those affected by the wide-ranging campaign, according to a?Reuters?report.

“While no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third-party vendors,” a health department official told Reuters.

Russia-Linked Attacks

The attackers, who identified themselves as “Lance Tempest,” are linked to the Russian-based crew, which is tracked as TA505. The group, which has encrypted data belonging to hundreds of universities, financial organizations and multinational corporations, has been exploiting a flaw in Progress Software’s MOVEit software used to transfer files since 2021.

Cl0p is said to have capitalized on the MOVEit vulnerability, which has twice been patched, to compromise nearly 200 companies. Many of the disrupted organizations have apparently not applied the patches, leaving the door open for the Cl0p operatives.

Law firms are a particularly attractive target for the depth of extort-able personal information they hold from individuals and companies plus the dual threat of publishing it publicly should a ransom demand go unmet. The group has previously insisted it doesn’t deliberately steal data from government organizations,

Last month, the US State Department placed a $10 million bounty on Cl0p’s leader, seeking information tying the group to a foreign government.

by D. Howard Kass

If you're interested in learning more about our Cybersecurity as a Service and how it can enhance your organization's security, contact us today!

Phone: +233230550979 / +233574550979

Email:?[email protected] / [email protected]

Or, if you prefer, you can schedule a call with one of our experts at?https://calendly.com/tacticalintelligencesecurity/free-security-assessment?to discuss your organization's specific needs and learn more about how our services can help. Don't wait—take the first step towards securing your organization's critical assets today!