Law in Order attacked by NetWalker ransomware

Edward Kost
Edward Kost
November 22, 2020

On Sunday 22nd November, Law in Order experienced a server breach. The attackers held the compromised data hostage by encrypting it, promising to only reverse their actions if a ransom payment is made within seven days.

The Australian document and digital service provider for law firms, confirmed the attack in an official statement. Counter measures were immediately implemented to prevent networked systems from being compromised.

“As a precaution, to protect information and systems, Law In Order has limited the access to much of its network which has therefore halted much of our business operations,” the company said in its statement.

In a statement update on the 23rd of November, Law in Order announced that it was investigating the extent of the breached data and that there was no concrete proof of any data transfer from their servers.

“At this stage we have seen no evidence of data exfiltration nor anything that indicates Law In Orders’ customers’ networks have been compromised.”

This statement, however, may require clarification after possible proof of the ransomed data was published online by the attackers.

Law in Order fell victim to an innovative form of ransomware known as NetWalker ransomware. NetWalker is a Windows ransomware created by the cyber crime group Circus Spider.

The group made their ransom software available for hire by criminals in March 2020 when they adopted the Ransomware-as-a-Service (RaaS) model.

Since adopting an RaaS model, NetWalker has grown from a minor operation to a significant global threat with cases spiking in March 2020.

The illustration below demonstrates the global prevalence of the NetWalker ransomware

NetWalker ransomware global prevalence
Global prevalence of the NetWalker ransomware - Source:

Victims of a NetWalker ransomware attack are presented with a ransom letter written in a notepad document. Here’s a screenshot of a NetWalker ransom note shared in a tweet.

netwalker ransom note example
Example of NetWalker ransom note

Between March 1 and July 27 of 2020 it’s estimated that just under A$43.6 million dollars worth of Bitcoin was transferred to NetWalker related wallets.

The identities of the criminal operatives behind NetWalker are still unknown.

In its official statement of the breach, Law in Order announced that they are making progress and will continue to work with cyber security experts to remediate the incident.

“We have engaged expert cyber security investigators and advisers, who are working with our team to investigate and respond to the incident. Our priority is to restore systems back online safely and quickly.” 

“We are making progress, however it is important that we do this methodically and safely as we work to resume normal business operations.”

How secure is Law In Order?

Established in 1999, Law In Order is the leading supplier of end to end document and digital solutions for the legal industry.
  • Check icon
    View our free preliminary report on Law In Order’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating