Akira Ransomware Group Targets Wilmot & Co Solicitors LLP, Threatens Data Leak

Incident Date: June 28, 2024

Overview

Victim: Wilmot & Co Solicitors LLP

Attacker: Akira

Location: Cirencester, United Kingdom

First Reported: June 28, 2024

Ransomware Attack on Wilmot & Co Solicitors LLP by Akira Group

Overview of Wilmot & Co Solicitors LLP

Wilmot & Co Solicitors LLP is a well-established law firm based in Cirencester, Gloucestershire, UK. The firm specializes in conveyancing, probate, trusts, and classic car litigation. Known for combining a friendly approach with traditional values of good service, Wilmots aims to provide the best advice tailored to their clients' needs, whether for everyday legal questions or complex issues. The firm operates as a limited liability partnership and employs nine SRA-regulated solicitors.

Details of the Ransomware Attack

Wilmot & Co Solicitors LLP recently fell victim to a ransomware attack orchestrated by the Akira ransomware group. The attackers have threatened to upload a significant amount of sensitive personal documents, including passports, birth certificates, and driver's licenses of clients, as well as numerous court documents and hearing records. This breach poses a severe risk to the privacy and security of Wilmots' clients.

The attack was announced on Akira's dark web leak site, which features a retro 1980s-style green-on-black interface. The ransomware group employs double extortion tactics, stealing data from victims before encrypting their systems and demanding a ransom for both decryption and data deletion.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, as its code shares similarities with Conti's.

Akira's ransom demands typically range from $200,000 to over $4 million. The group has been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration and has also deployed a previously unreported backdoor in some cases. In April 2023, Akira expanded its operations to target Linux-based VMware ESXi virtual machines in addition to Windows systems. As of January 2024, the group has claimed over 250 victims and $42 million in ransomware proceeds.

Potential Vulnerabilities and Attack Penetration

Wilmot & Co Solicitors LLP, like many law firms, handles a significant amount of sensitive and confidential information, making it an attractive target for ransomware groups like Akira. The firm's reliance on digital systems for managing client data, court documents, and other legal records presents potential vulnerabilities that threat actors can exploit.

Akira's tactics include unauthorized access to VPNs, credential theft, and lateral movement to deploy the ransomware. The group may have penetrated Wilmots' systems through phishing attacks, exploiting unpatched software vulnerabilities, or leveraging weak security protocols. The exact method of entry in this case remains unclear, but the consequences of the breach are severe, given the nature of the data involved.
