ALPHV attacks Casepoint

Incident Date:

May 30, 2023

McLean, USA

Virginia, USA

First Reported

May 30, 2023

Casepoint Hit by Ransomware Attack

Casepoint, a legal technology platform based in Virginia, US, has been hit with a ransomware attack. In a post on its data leak site, the BlackCat ransomware gang claims to have stolen over 2 TB of company data, including attorney files and “many other things you have tried so hard to keep.” Casepoint employs over 400 people and boasts an annual revenue of $275 million. It works with US government agencies, including the Securities and Exchange Commission and the Department of Defense, as well as major companies such as Marriott Hotels.

Details of the Breach

BlackCat’s blog post, published May 30, includes sample data such as visa details, reports, and certificates. While BlackCat hasn’t given a ransom deadline or amount, the post reads: “We encourage you to get in touch or we’ll start posting your data on our blog soon.” Casepoint has not yet commented on the incident.

About BlackCat Ransomware

BlackCat, also known as ALPHV, is a ransomware operation that first surfaced in November 2021. It is a possible rebrand of the DarkSide ransomware gang, which was responsible for the infamous Colonial Pipeline incident in 2021. BlackCat is somewhat of a pioneer in ransomware circles, hosting its data leak site on the public internet rather than the dark web.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.