Frilot LLC Hit by LockBit Ransomware in Major Cyber Attack

Incident Date:

July 31, 2024

World map

Overview

Title

Frilot LLC Hit by LockBit Ransomware in Major Cyber Attack

Victim

Frilot LLC

Attacker

Lockbit3

Location

New Orleans, USA

Louisiana, USA

First Reported

July 31, 2024

LockBit Ransomware Group Targets Frilot LLC in Devastating Cyber Attack

Frilot LLC, a prominent law firm based in New Orleans, Louisiana, has become the latest victim of a ransomware attack orchestrated by the notorious LockBit group. The attack, discovered on July 29, has raised significant concerns about the security of sensitive legal information handled by the firm.

About Frilot LLC

Established in 1995 by George A. Frilot III and 22 other litigators, Frilot LLC provides comprehensive legal services across various areas of litigation. The firm represents clients on local, regional, and national levels before all types of courts, administrative agencies, and tribunals. Known for its exceptional trial skills and ability to manage complex litigation issues, Frilot LLC serves a diverse clientele, including startups and Fortune 100 companies.

Frilot LLC's practice areas include admiralty and maritime law, agricultural and agribusiness law, insurance coverage, and defense litigation. The firm prides itself on delivering high-quality legal services at reasonable costs while maintaining professional integrity. Its attorneys also act as business advisors and strategic partners, fostering long-term professional relationships with clients.

Attack Overview

The ransomware attack on Frilot LLC was claimed by the LockBit group via their dark web leak site. While the exact size of the data leak remains unknown, the incident has highlighted the vulnerabilities of law firms in being targeted by sophisticated cybercriminals. The attack has potentially compromised sensitive legal information, posing significant risks to the firm's clients and operations.

About LockBit

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid.

LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The ransomware is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. It also performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region.

Penetration and Impact

LockBit likely penetrated Frilot LLC's systems by exploiting vulnerabilities in RDP services or unsecured network shares. The ransomware's modular design and encryption techniques make it difficult to detect and analyze, allowing it to spread rapidly within the network. The attack has disrupted Frilot LLC's operations and compromised sensitive legal data, underscoring the critical need for enhanced cybersecurity in the legal sector.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.