Cyber Security News

Legal Industry Faces Growing Ransomware Attacks And Data Breaches

Ransomware attacks have increasingly targeted the legal sector, with law firms becoming prime targets due to the highly sensitive data they hold. Per reporting from Comparitech, there have been 138 publicly confirmed ransomware attacks on legal firms globally, affecting at least 2.9 million records since 2018. The highest number of attacks occurred in 2023, with 45 incidents impacting 1.6 million records. 

Figure source: https://www.comparitech.com/blog/information-security/ransomware-attacks-law-firms/ 

The five largest ransomware attacks on legal firms by records affected, according to Comparitech

1: Orrick, Herrington & Sutcliffe (February 2023) 
  • Records affected: 637,620
  • Data compromised: Client names, addresses, DOBs, SSNs 
  • Aftermath: $8 million lawsuit filed 
2: Bricker and Eckler (January 2021)
  • Records affected: 430,185
  • Data compromised: Names, SSNs, driver's license numbers, medical/education information 
  • Aftermath: $1.95 million settlement 
3: Houser, LLP (May 2023)  
  • Records affected: 370,001 
  • Perpetrator: ALPHV/BlackCat group 
  • Data compromised: 1.5TB including tax IDs, financial details, medical information 
  • Aftermath: Ongoing class action lawsuit 
4: Greylock McKinnon Associates Inc. (May 2023)  
  • Records affected: 341,650 
  • Data compromised: Medicare information and other data 
  • Notable: 9-month delay in notifying affected individuals 
  • Aftermath: Facing class action lawsuit 
5: Warner Norcross + Judd LLP (June 2021)  
  • Records affected: 255,160 
  • Perpetrator: LockBit ransomware group 
  • Data compromised: Personal health information 
  • Aftermath: Class action filed; firm appealed in late 2023 

Ransomware attackers often employ double-extortion tactics, where they not only encrypt a firm's data but also steal it, threatening to release it on the dark web if their demands are not met. Law firms and in-house legal departments, particularly those handling corporate law, mergers and acquisitions, litigation, and other legal services, amass vast amounts of confidential corporate information and sensitive data, including tax returns. A data breach exposing this information could result in significant reputational damage.  

The financial demands of these attacks can be substantial. The average ransom demand for legal firms is approximately $2.47 million, although the average amount paid is lower at $1.65 million. The ransom demands can vary widely, from as low as $30,000 to as high as $21 million, as seen in the case of Grubman Shire Meiselas & Sacks, which faced a $21 million demand from the REvil ransomware group. 

Figure source: https://www.comparitech.com/blog/information-security/ransomware-attacks-law-firms/ 

Top 5 Largest Ransom Demands on Law Firms according to Comparitech

1: Grubman Shire Meiselas & Sacks (U.S., May 2020)

  • Initial demand: $21 million, escalated to $42 million 
  • Attacker: REvil ransomware 
  • Outcome: Firm refused to pay 
  • Notable: Demand doubled due to high-profile client data (Donald Trump, Lady Gaga, and others)

2: Ward Hadaway (UK, March 2022)  

  • Initial demand: $3 million, threatened increase to $6 million 
  • Attacker: Lorenz ransomware 
  • Outcome: Firm obtained injunction against attackers 
  • Notable: Effectiveness of injunction against anonymous hackers is questionable 

3: Shook Lin & Bok (Singapore, April 2024)   

  • Initial demand: $3 million, threatened increase to $6 million 
  • Attacker: Lorenz ransomware 
  • Outcome: Firm obtained injunction against attackers 
  • Notable: Effectiveness of injunction against anonymous hackers is questionable 

4: UnitedLex (UK, March 2023)  

  • Demand: $600,000 
  • Attacker: Donut ransomware 
  • Outcome: Firm refused to pay after negotiations 
  • Notable: Demand reportedly below firm's insurance limit

5: Guyer y Regules (Uruguay, August 2023)

  • Demand: $300,000
  • Attacker: LockBit 
  • Outcome: Unconfirmed, but reports suggest payment was made