{"id":4825,"date":"2020-03-03T11:38:37","date_gmt":"2020-03-03T02:38:37","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=4825"},"modified":"2021-07-15T11:58:16","modified_gmt":"2021-07-15T02:58:16","slug":"legal-service-provider-epiq-global-among-the-ransomware-attack-victims","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/legal-service-provider-epiq-global-among-the-ransomware-attack-victims\/","title":{"rendered":"Legal service provider Epiq Global among the Ransomware attack victims"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4825\" class=\"elementor elementor-4825\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fc4b196 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fc4b196\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ddd05ab\" data-id=\"ddd05ab\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-73cf26a elementor-widget elementor-widget-text-editor\" data-id=\"73cf26a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On February 29<sup>th<\/sup>, 2021, Epiq Global, a highly recognized provider of legal services, experienced a ransomware attack by the Ryuk ransomware. Epiq Global\u2019s initial response to the detection of the attack was to take all their systems offline to contain the ransomware. 
Later that day, news came out that some of Epiq Global\u2019s computers and systems were running older versions of operating systems and that all of Epiq&#8217;s 80 global offices and their computers had been affected by the attack.<\/p><p>The impact of the attack was that Epiq Global\u2019s legal clients were unable to access important files on their e-Discovery platform.<\/p><p>The company confirmed that a team of cyber security experts is investigating the matter and that the systems will be back online as soon as possible. The company also stated that it has not seen any traces of exfiltration or data leak.<\/p><h2><span style=\"color: #000000;\"><strong>How it all happened<\/strong><\/span><\/h2><p>The initial infection of Epiq Global\u2019s network occurred in December 2019, when one of the computers on Epiq Global&#8217;s network was infected with the TrickBot malware. TrickBot was most likely installed by the Emotet Trojan, which is known to gain access to networks through phishing emails.<\/p><p>Once installed, TrickBot harvests data from the victim\u2019s machine, including passwords, files, and cookies, which the threat actors later use to move laterally through the network, spreading TrickBot to gather more data. 
Once the threat actors had finished collecting data and files from the network, they deployed the Ryuk ransomware on the network&#8217;s devices using PowerShell Empire or PsExec.<\/p><h2><span style=\"color: #000000;\"><strong>Ransom paid or not?<\/strong><\/span><\/h2><p>Epiq Global has not yet confirmed whether it paid the ransom, but in general terms the operators of Ryuk ransomware demand, on average, $97,000 \u2013 $320,000.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On February 29th, 2021, Epiq Global, a highly recognized provider of legal services, experienced a ransomware attack by the Ryuk ransomware. Epiq Global\u2019s initial response to the detection of the attack was to take all their systems offline to contain the ransomware. Later that day, news came out that some of Epiq Global\u2019s computers and systems were running older versions<span class=\"excerpt-hellip\"> 
[\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":4844,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226,6,2],"tags":[],"class_list":["post-4825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-finance-and-legal","category-latest_news","category-ce_news"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2021\/07\/legal.jpg?fit=528%2C326&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/4825"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=4825"}],"version-history":[{"count":12,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/4825\/revisions"}],"predecessor-version":[{"id":5200,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/4825\/revisions\/5200"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/4844"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=4825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=4825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=4825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}