lockbit2 attacks Coteg & Azam advocates

Incident Date:

June 21, 2022

World map



lockbit2 attacks Coteg & Azam advocates


Coteg & Azam advocates




Rue de Metz, France

Toulouse, France

First Reported

June 21, 2022

Ransomware Attack on Coteg & Azam Advocates by Lockbit2

Lockbit2, a notorious ransomware group, has claimed responsibility for an attack on Coteg & Azam advocates, a law firm based in Toulouse, France. The company operates in the Law Firms & Legal Services sector and is known for its pluridisciplinary approach, combining legal and judicial expertise.

Coteg & Azam was founded by Maître Annick Amigo-Bouyssou and Maître Guy Azam, who are also the founders of the COTEG (Juridique) and AZAM SIREYJOL (Judiciaire) firms. The company has over 15 expert lawyers and has been in operation for more than half a century. They are members of the Alta-Juris International network, which allows them to leverage the expertise of 400 avocats for their clients.

The attack on Coteg & Azam is part of a larger trend of ransomware attacks targeting law firms and legal services. In 2022, the Lockbit2 group was involved in a campaign that targeted the GoAnywhere MFT platform, exploiting a zero-day vulnerability to gain access to victim networks. The group is known for its use of the 'double extortion' tactic, where it steals and encrypts victim data, refusing to restore access unless a ransom is paid.

The Lockbit2 group has been active since at least 2019 and has been associated with a range of tactics, including Ransomware as a Service (RaaS), initial access brokering, and large-scale spear-phishing campaigns. The group has been linked to several high-profile attacks, including those on Change Healthcare, a subsidiary of UnitedHealth Group, and Las Vegas casinos.

The attack on Coteg & Azam highlights the need for law firms and legal services to prioritize cybersecurity measures to protect their clients' sensitive information. This includes regular security updates, employee training, and the use of robust backup and recovery systems.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.