On February 29th, 2021, Epiq Global, a highly recognized provider of legal services, was hit by the Ryuk ransomware. Epiq Global’s initial response on detecting the attack was to take all of its systems offline to contain the ransomware. Later that day, news came out that some of Epiq Global’s computers and systems were running older versions of operating systems and that all 80 of Epiq’s global offices and their computers had been affected by the attack.
As a result of the attack, Epiq Global’s legal clients were unable to access important files on the company’s e-Discovery platform.
The company confirmed that a team of cyber security experts is investigating the matter and that the systems will be back online as soon as possible. The company also stated that it has not seen any traces of exfiltration or data leakage.
The initial infection of Epiq Global’s network was in December 2019, when one of the computers on the network was infected with the TrickBot malware. TrickBot was most likely installed by the Emotet Trojan, which is known to gain access to networks through phishing emails.
Once installed, TrickBot harvests data from the victim’s machine, including passwords, files, and cookies, which the threat actors later use to move laterally through the network, spreading TrickBot to gather more data. When the threat actors had finished collecting data and files from the network, they deployed the Ryuk ransomware on the network’s devices using PowerShell Empire or PsExec.
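For defenders, the PsExec deployment stage described above leaves a recognizable trace: PsExec installs a service named PSEXESVC on each target, which Windows records as System log event 7045. The following is an added example, not part of the original article, that flags one account installing that service on many hosts in a short window; the record layout, host names, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified event 7045 records ("A service was installed in
# the system"). Field names and values are assumptions for illustration.
SAMPLE_EVENTS = [
    {"time": "2024-01-15T02:00:05", "host": "WS-001", "event_id": 7045, "service": "PSEXESVC", "account": "CORP\\svc-backup"},
    {"time": "2024-01-15T02:00:41", "host": "WS-002", "event_id": 7045, "service": "PSEXESVC", "account": "CORP\\svc-backup"},
    {"time": "2024-01-15T02:01:10", "host": "WS-003", "event_id": 7045, "service": "PSEXESVC", "account": "corp\\svc-backup"},
    {"time": "2024-01-15T02:01:52", "host": "WS-004", "event_id": 7045, "service": "PSEXESVC", "account": "CORP\\svc-backup"},
    {"time": "2024-01-15T09:00:00", "host": "SRV-01", "event_id": 7045, "service": "PSEXESVC", "account": "CORP\\it-admin"},
    {"time": "2024-01-15T12:00:00", "host": "SRV-02", "event_id": 7045, "service": "PSEXESVC", "account": "CORP\\it-admin"},
    {"time": "2024-01-15T02:00:30", "host": "WS-002", "event_id": 7045, "service": "Updater", "account": "CORP\\svc-backup"},
]


def psexec_fanout(events, min_hosts=3, window=timedelta(minutes=10)):
    """Return {account: sorted hosts} for accounts that installed PSEXESVC
    on at least min_hosts distinct hosts within one sliding time window."""
    installs = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 7045 and ev["service"].upper().startswith("PSEXESVC"):
            when = datetime.fromisoformat(ev["time"])
            installs[ev["account"].lower()].append((when, ev["host"]))

    alerts = {}
    for account, rows in installs.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            hosts = {host for _, host in rows[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.setdefault(account, set()).update(hosts)
    return {account: sorted(hosts) for account, hosts in alerts.items()}


if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE_EVENTS).items():
        print(f"ALERT {account}: PSEXESVC installed on {len(hosts)} hosts: {hosts}")
```

The PsExec service name can be changed from its default, so this check covers only the default-name case and works best alongside network logon and process creation telemetry.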
Epiq Global has not yet confirmed whether it paid the ransom, but in general the operators of Ryuk ransomware demand, on average, $97,000 – $320,000.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.