On Sunday 22nd November, Law in Order experienced a server breach. The attackers held the compromised data hostage by encrypting it, promising to only reverse their actions if a ransom payment is made within seven days.
The Australian document and digital service provider for law firms, confirmed the attack in an official statement. Counter measures were immediately implemented to prevent networked systems from being compromised.
“As a precaution, to protect information and systems, Law In Order has limited the access to much of its network which has therefore halted much of our business operations,” the company said in its statement.
In a statement update on the 23rd of November, Law in Order announced that it was investigating the extent of the breached data and that there was no concrete proof of any data transfer from their servers.
“At this stage we have seen no evidence of data exfiltration nor anything that indicates Law In Orders’ customers’ networks have been compromised.”
This statement, however, may require clarification after possible proof of the ransomed data was published online by the attackers.
Law in Order fell victim to an innovative form of ransomware known as NetWalker ransomware. NetWalker is a Windows ransomware created by the cyber crime group Circus Spider.
The group made their ransom software available for hire by criminals in March 2020 when they adopted the Ransomware-as-a-Service (RaaS) model.
Since adopting an RaaS model, NetWalker has grown from a minor operation to a significant global threat with cases spiking in March 2020.
The illustration below demonstrates the global prevalence of the NetWalker ransomware
Victims of a NetWalker ransomware attack are presented with a ransom letter written in a notepad document. Here’s a screenshot of a NetWalker ransom note shared in a tweet.
Between March 1 and July 27 of 2020 it’s estimated that just under A$43.6 million dollars worth of Bitcoin was transferred to NetWalker related wallets.
The identities of the criminal operatives behind NetWalker are still unknown.
In its official statement of the breach, Law in Order announced that they are making progress and will continue to work with cyber security experts to remediate the incident.
“We have engaged expert cyber security investigators and advisers, who are working with our team to investigate and respond to the incident. Our priority is to restore systems back online safely and quickly.”
“We are making progress, however it is important that we do this methodically and safely as we work to resume normal business operations.”