lockbit2 attacks Virtus Advocats

Incident Date:

May 24, 2022

World map



lockbit2 attacks Virtus Advocats


Virtus Advocats




Riberaygua, Andorra

Andorra la Vella, Andorra

First Reported

May 24, 2022

Virtus Advocats Suffers Ransomware Attack by Lockbit2 Group

Virtus Advocats, a law firm based in Andorra, has been targeted by the ransomware group Lockbit2, as reported on their dark web leak site. The firm, which offers legal and economic services, has been hit by a ransomware attack that has led to the encryption of their data.

Company Profile

Virtus Advocats is a multidisciplinary team of lawyers and economists, providing services in labor, corporate, fiscal, and civil law. The firm is part of the CIM TAX&LEGAL group, which operates in Barcelona, Spain.

Industry and Vulnerabilities

The legal services sector has been a target for ransomware attacks, with the manufacturing sector being the most targeted vertical, followed by business services and retail. The use of zero-day and one-day vulnerabilities has led to a significant increase in ransomware victims, with smaller organizations being more vulnerable due to limited security resources.

Impact and Response

The ransomware attack on Virtus Advocats is part of a broader trend of ransomware groups shifting to zero-day exploitation, with the operators of the Cl0p ransomware family being particularly aggressive in their pursuit of zero-day vulnerabilities. The attack on Virtus Advocats underscores the need for organizations to prioritize patching of newly disclosed vulnerabilities and to understand the adversary's tactics, techniques, and procedures.

The ransomware attack on Virtus Advocats highlights the ongoing threat of ransomware to organizations across various industries. As ransomware groups continue to exploit zero-day vulnerabilities, it is crucial for organizations to maintain robust security measures and to be prepared to respond effectively to such attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.