Cyberattack On A&O Highlights Perils Of Law Firm Mergers
Picture: Law 360 London
Article Excerpt:
A cyberattack against Allen & Overy LLP could be a measure of the firm's own success and a reminder of the perils of mergers in one of the prime target sectors for criminals.
Tuesday was the deadline for the Magic Circle firm to pay a ransom to LockBit, the organization thought likely to be behind a ransomware attack against Allen & Overy earlier in November. But a day earlier, the group had reportedly removed Allen & Overy from its website, prompting speculation that the firm had paid a ransom ahead of the deadline.
Evan Vougdis, one of our Cyber Directors and a specialist in Cyber Threat Intelligence provided comment in this article:
Evan Vougdis, a director at NSB Cyber, said “that it's not necessarily uncommon for victims of ransomware to be posted and subsequently removed from respective leak sites, which he described as "inherently fluid in nature".
This could happen for a number of reasons, and not just because a company has agreed to pay the ransom.”
"In the case of Allen & Overy, it's too early to comment as to which way this has swung. However, a likely avenue could be engagement with LockBit for the purpose of gathering further information about their unique incident," Vougdis said.
“For example, on how the attackers were able to gain access to the firm's systems, what they took or "exfiltrated" or because they are providing encrypted samples back to LockBit for sample decryption.”
"Or in the case of Royal Mail UK simply entering negotiations for the purpose of ensuring that, from a legal and privacy perspective, the business is ready to face any regulatory or legal challenges," he said.
.. "Whilst the legal sector in and of itself is likely not a unique and prime target, it's clear that there has been a significant targeting of the broader professional services sector in 2023, with our intelligence indicating it having the highest number of ransomware victims this year," said Vougdis.
Source: Law 360 London - Tuesday 28 November 2023.
Author: Marialuisa Taddia
Reference: Cyberattack On A&O Highlights Perils Of Law Firm Mergers.