Mallox Ransomware Strikes Moshe Kahn Advocates

Incident Date:

June 7, 2024

World map

Overview

Title

Mallox Ransomware Strikes Moshe Kahn Advocates

Victim

Moshe Kahn Advocates

Attacker

Mallox

Location

Tel Aviv-Yafo, Israel

, Israel

First Reported

June 7, 2024

Mallox Ransomware Attack on Moshe Kahn Advocates

Overview of the Victim

Moshe Kahn Advocates, officially registered as משה כאהן חברת עורכי דין, is a prominent Israeli law firm located in Tel Aviv-Yafo. Established in 2007 by Moshe Kahn, the firm specializes in a wide range of legal services, including real estate, commercial law, litigation, and family law. The firm is known for its extensive international experience, with attorneys admitted to practice in both Israel and the United States. Their commitment to providing expert and personalized services has made them a trusted name in the legal sector.

Details of the Attack

On June 6, 2024, the ransomware group Mallox executed a cyberattack on Moshe Kahn Advocates. The attack was disclosed on Mallox's dark web leak site, identifying the victim as kahn.co.il. The extent of the data leak remains unknown. Mallox, also known as TargetCompany, FARGO, and Tohnichi, has been active since June 2021 and is notorious for exploiting unsecured MS-SQL servers to compromise networks. The group employs double extortion tactics, stealing data before encrypting files and threatening to publish the stolen data if ransom demands are not met.

About Mallox Ransomware Group

Mallox distinguishes itself by targeting Microsoft Windows systems and using brute forcing, data exfiltration, and network scanners in their attacks. The group has seen a significant increase in activity, with a 174% rise in incidents. They maintain a Tor-based leaks site for communication and ransom negotiations. Mallox's attacks span various industries, including legal services, making firms like Moshe Kahn Advocates vulnerable due to the sensitive nature of their data and the critical need for confidentiality in legal matters.

Potential Vulnerabilities

The attack on Moshe Kahn Advocates highlights potential vulnerabilities in their cybersecurity infrastructure. Law firms, given their reliance on sensitive client data, are attractive targets for ransomware groups. The exploitation of unsecured MS-SQL servers suggests that the firm may need to bolster its security measures, particularly in securing database servers and implementing robust access controls to prevent unauthorized access.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.