alphv attacks KKJM Lawfirm
Incident Date:
July 23, 2022
Overview
Title
alphv attacks KKJM Lawfirm
Victim
KKJM Lawfirm
Attacker
Alphv
Location
First Reported
July 23, 2022
KKJM Law Firm Targeted by Alphv Ransomware Group
Overview of the Attack
The Alphv ransomware group has claimed responsibility for an attack on KKJM Law Firm, a New Jersey-based litigation firm established in 1991. With a team comprising five dedicated attorneys and a robust support staff, KKJM Law Firm provides a plethora of legal services, including personal injury, criminal defense, elder law, and workers' compensation law.
This incident is part of a concerning trend of ransomware attacks that involve not only the encryption of data but also its exfiltration. The attackers threaten to make the data public unless a ransom is paid. This specific type of attack, known as Maze ransomware, is particularly insidious as it demands two ransoms: one for decrypting the data and another for ensuring its deletion.
The Significance of Targeting Law Firms
Law firms are particularly attractive targets for cybercriminals due to the sensitive nature of the data they handle. During the discovery process, for instance, sensitive information is amassed in on-premises systems, which are often outdated and lack adequate protection. In the breach of KKJM Law Firm, the attackers accessed highly sensitive data, including personal injury case diaries, fee agreements, and HIPAA consent forms.
The public disclosure by the Alphv ransomware group, including details such as the date of infiltration, the total volume of data stolen, and the IP addresses and machine names of the servers accessed, underscores the severity of the breach. This incident highlights the critical need for stringent data security practices, a lesson underscored by the $200,000 fine levied against Heidell, Pittoni, Murphy & Bach (HPMB) for inadequate data security measures following a ransomware attack.
Implications and Consequences
The attack on KKJM Law Firm is a stark reminder of the importance of robust data security measures. The legal sector, with its wealth of confidential information, must prioritize the protection of sensitive data to avoid the potentially devastating consequences of such breaches.
Sources
- Kitrick, McWeeney & Wells, LLC. (n.d.). New Jersey Law Firm | Kitrick, McWeeney & Wells, LLC.
- Logikcull. (2020, October 29). Maze Ransomware Hits Law Firms Hard-And It's Worse Than Ever Before.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.