alphv attacks Davis Law Grou.
Incident Date:
March 24, 2022
Overview
Title
alphv attacks Davis Law Grou.
Victim
Davis Law Grou.
Attacker
Alphv
Location
First Reported
March 24, 2022
Davis Law Group Suffers Ransomware Attack by Alphv/BlackCat Group
The Davis Law Group, operating within the Law Firms & Legal Services sector, recently fell victim to a ransomware attack orchestrated by the Alphv/BlackCat group, as disclosed on their dark web leak site. This law firm, known for its specialization in a broad range of legal services including estate planning, corporate and business transactions, probate and trust administration, civil litigation, and more, encountered a significant cybersecurity threat from one of the most active ransomware-as-a-service operations.
The attack was mitigated to some extent by the prompt response of the firm's IT team, which immediately blocked all external network traffic. Despite these efforts, the attackers succeeded in exfiltrating confidential data over a period of approximately 30 days, exploiting vulnerabilities in the network of a third-party vendor. Following several attempts at data exfiltration, the BlackCat group issued a ransom demand, subsequently leaking the stolen data on their platform when their demands were not met.
Employing a dual extortion tactic, the Alphv/BlackCat group not only encrypts the victim's data but also threatens to publish it unless a ransom is paid. This method has been used against a variety of targets, including critical infrastructure sectors such as healthcare, government, and emergency services.
The incident at Davis Law Group underscores the pervasive risk of ransomware attacks across all sectors, emphasizing the necessity for comprehensive cybersecurity defenses. These defenses include regular data backups, thorough employee training, and strategic incident response planning to mitigate the impact of such attacks.
The breach serves as a stark reminder of the relentless nature of cyber threats and the need for constant vigilance and proactive cybersecurity measures to safeguard sensitive information and assets.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.