LockBit Ransomware Group Targets Frilot LLC in Devastating Cyber Attack

Frilot LLC, a prominent law firm based in New Orleans, Louisiana, has become the latest victim of a ransomware attack orchestrated by the notorious LockBit group. The attack, discovered on July 29, has raised significant concerns about the security of sensitive legal information handled by the firm.

About Frilot LLC

Established in 1995 by George A. Frilot III and 22 other litigators, Frilot LLC provides comprehensive legal services across various areas of litigation. The firm represents clients on local, regional, and national levels before all types of courts, administrative agencies, and tribunals. Known for its exceptional trial skills and ability to manage complex litigation issues, Frilot LLC serves a diverse clientele, including startups and Fortune 100 companies.

Frilot LLC's practice areas include admiralty and maritime law, agricultural and agribusiness law, insurance coverage, and defense litigation. The firm prides itself on delivering high-quality legal services at reasonable costs while maintaining professional integrity. Its attorneys also act as business advisors and strategic partners, fostering long-term professional relationships with clients.

Attack Overview

The ransomware attack on Frilot LLC was claimed by the LockBit group via their dark web leak site. While the exact size of the data leak remains unknown, the incident has highlighted the vulnerabilities of law firms in being targeted by sophisticated cybercriminals. The attack has potentially compromised sensitive legal information, posing significant risks to the firm's clients and operations.

About LockBit

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid.

LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The ransomware is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. It also performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region.

Penetration and Impact

LockBit likely penetrated Frilot LLC's systems by exploiting vulnerabilities in RDP services or unsecured network shares. The ransomware's modular design and encryption techniques make it difficult to detect and analyze, allowing it to spread rapidly within the network. The attack has disrupted Frilot LLC's operations and compromised sensitive legal data, underscoring the critical need for enhanced cybersecurity in the legal sector.

Sources

• Frilot LLC
• SOCRadar - LockBit.0 Ransomware
• TXOne Networks - Malware Analysis: LockBit.0
• Red Piranha - A Look at LockBit Ransomware
• Cyber.gov.au - LockBit.0 Ransomware Profile