Mallox Ransomware Strikes Moshe Kahn Advocates
Incident Date: June 7, 2024
Overview
Title: Mallox Ransomware Strikes Moshe Kahn Advocates
Victim: Moshe Kahn Advocates
Attacker: Mallox
Location:
First Reported: June 7, 2024
Mallox Ransomware Attack on Moshe Kahn Advocates
Overview of the Victim
Moshe Kahn Advocates, officially registered as משה כאהן חברת עורכי דין, is a prominent Israeli law firm located in Tel Aviv-Yafo. Established in 2007 by Moshe Kahn, the firm specializes in a wide range of legal services, including real estate, commercial law, litigation, and family law. The firm is known for its extensive international experience, with attorneys admitted to practice in both Israel and the United States. Their commitment to providing expert and personalized services has made them a trusted name in the legal sector.
Details of the Attack
On June 6, 2024, the ransomware group Mallox executed a cyberattack on Moshe Kahn Advocates. The attack was disclosed on Mallox's dark web leak site, identifying the victim as kahn.co.il. The extent of the data leak remains unknown. Mallox, also known as TargetCompany, FARGO, and Tohnichi, has been active since June 2021 and is notorious for exploiting unsecured MS-SQL servers to compromise networks. The group employs double extortion tactics, stealing data before encrypting files and threatening to publish the stolen data if ransom demands are not met.
About Mallox Ransomware Group
Mallox distinguishes itself by targeting Microsoft Windows systems and using brute forcing, data exfiltration, and network scanners in its attacks. The group has seen a significant increase in activity, with a 174% rise in incidents. It maintains a Tor-based leak site for communication and ransom negotiations. Mallox's attacks span various industries, including legal services, and firms like Moshe Kahn Advocates are exposed because of the sensitive nature of their data and the critical need for confidentiality in legal matters.
Potential Vulnerabilities
The attack on Moshe Kahn Advocates highlights potential vulnerabilities in the firm's cybersecurity infrastructure. Law firms, given their reliance on sensitive client data, are attractive targets for ransomware groups. Mallox's known exploitation of unsecured MS-SQL servers suggests that the firm may need to bolster its security measures, particularly by securing database servers and implementing robust access controls to prevent unauthorized access.
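One way a defender can check an MS-SQL server for the brute forcing described above is shown in this added example, which is not part of the original report and not taken from the incident. It assumes login auditing is enabled so that the SQL Server error log records both failed and successful logins; the sample log lines, addresses, account names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in SQL Server ERRORLOG format; the client addresses are
# documentation ranges and the accounts are hypothetical.
FAIL = ("2024-06-06 02:14:{s:02d}.10 Logon       Login failed for user '{u}'. "
        "Reason: Password did not match that for the login provided. [CLIENT: {c}]")
OK = ("2024-06-06 02:14:{s:02d}.10 Logon       Login succeeded for user '{u}'. "
      "Connection made using SQL Server authentication. [CLIENT: {c}]")
SAMPLE_LOG = "\n".join(
    [FAIL.format(s=s, u="sa", c="203.0.113.45") for s in range(1, 7)]
    + ["2024-06-06 02:14:07.10 Logon       Error: 18456, Severity: 14, State: 8.",
       OK.format(s=8, u="sa", c="203.0.113.45"),
       FAIL.format(s=20, u="app_ro", c="198.51.100.7"),   # single mistyped password
       OK.format(s=30, u="app_ro", c="198.51.100.7")])

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]")

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag clients with >= threshold failed logins inside a sliding window and
    record the first account that logs in successfully from that client afterwards."""
    failures = defaultdict(list)   # client -> failure timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:                  # other error-log entries (e.g. "Error: 18456") are skipped
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = m["client"]
        if m["result"] == "failed":
            recent = [t for t in failures[client] if ts - t <= window] + [ts]
            failures[client] = recent
            if len(recent) >= threshold:
                alert = alerts.setdefault(
                    client, {"failures": 0, "success_after_burst": None})
                alert["failures"] = max(alert["failures"], len(recent))
        elif client in alerts and alerts[client]["success_after_burst"] is None:
            # A success right after a failure burst is the event to triage first.
            alerts[client]["success_after_burst"] = m["user"]
    return alerts

if __name__ == "__main__":
    for client, info in detect_bruteforce(SAMPLE_LOG).items():
        print(client, info)
```

A client that produces a failure burst followed by a successful login deserves immediate review of that account, while the single mistyped password from the second client stays below the threshold and raises no alert.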