bianlian attacks Meisenkothen

Incident Date:

October 4, 2022

World map



bianlian attacks Meisenkothen






New York, USA

New York, USA

First Reported

October 4, 2022

ELSM Law Firm Suffers Ransomware Attack by Bianlian Group

The Bianlian ransomware group has claimed responsibility for an attack on the law firm Early, Lucarelli, Sweeney & Meisenkothen (ELSM), also known as ELSM Law Firm, which operates in the Law Firms & Legal Services sector. ELSM is a nationally recognized law firm with over 40 years of experience in handling asbestos litigation and has obtained nearly $5 billion in total settlements on behalf of their clients.

The attack on ELSM Law Firm is part of a broader trend of ransomware attacks targeting law firms. In 2021, the LockBit ransomware variant, which is associated with the Bianlian group, was responsible for attacks on multiple law firms, including those in the manufacturing, logistics, insurance, and other industries. The LockBit ransomware variant, like other major ransomware variants, operates in the "ransomware-as-a-service" (RaaS) model, where developers design the ransomware, recruit affiliates to deploy it, and maintain an online software dashboard to provide affiliates with the tools necessary to deploy the ransomware within the victim's computer system.

The Bianlian group's attack on ELSM Law Firm highlights the vulnerabilities of law firms to ransomware attacks. Law firms often handle sensitive client data, making them attractive targets for cybercriminals. Additionally, the legal industry has been identified as a top target for ransomware attacks, with several high-profile cases reported in recent years.

To mitigate the risks of ransomware attacks, law firms should implement robust cybersecurity measures, such as regular software updates, employee training, and data backups. They should also be prepared to respond to incidents effectively, including having a well-defined incident response plan and working closely with law enforcement and cybersecurity experts.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.