Mewborn & DeSelms Law Firm Hit by BlackSuit Ransomware

Incident Date: May 8, 2024


Overview

Title: Mewborn & DeSelms Law Firm Hit by BlackSuit Ransomware

Victim: Mewborn & DeSelms, Attorneys at Law

Attacker: Black Suit

Location: Jacksonville, USA; North Carolina, USA

First Reported: May 8, 2024

Ransomware Attack on Mewborn & DeSelms, Attorneys at Law by BlackSuit

Overview

The law firm Mewborn & DeSelms in the United States fell victim to a cyberattack orchestrated by the group identified as "Black Suit." Using ransomware, the attacker breached the firm's systems, resulting in the unauthorized access and extraction of 176 GB of data. This included confidential business records, employee details, financial information, and personal data from both shared and individual directories. The attacker then publicly released the stolen data, heightening the firm's exposure to additional breaches and potential legal ramifications.

Victim Profile

Mewborn & DeSelms, Attorneys at Law is a legal firm based in Jacksonville, North Carolina, serving clients for over 25 years. The firm offers a wide range of legal services, including workers' compensation claims, real estate transactions, wills and estates representation, personal injury representation, criminal defense, corporate and business representation, family law matters, and more.

Industry Standout

Mewborn & DeSelms stands out in the legal industry due to its dedication to providing personalized legal services to each client. The firm's lawyers take the time to understand each client's specific goals and concerns, offering tailored strategies to address their needs effectively. This client-centric approach ensures that individuals and businesses receive exceptional legal representation.

Vulnerabilities

The factors that expose the firm to targeting by threat actors include the sensitive nature of the legal information it handles, such as business, employee, and financial data, as well as personal information. Additionally, the lack of specific details on the company's cybersecurity measures may have made it an attractive target for cybercriminals like BlackSuit.

Ransomware Group: BlackSuit

BlackSuit is a new ransomware family closely related to the notorious Royal ransomware group. The group targets both Windows and Linux systems, including critical VMware ESXi servers. BlackSuit appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in affected directories. The ransom note includes a reference to a Tor chat site where victims can contact the operators.

Researchers have found significant similarities between BlackSuit and Royal ransomware, with 98% similarity in functions, 99.5% similarity in code blocks, and 98.9% similarity in jumps. This suggests that BlackSuit may be a new variant developed by the same authors as Royal or an affiliate of the Royal ransomware gang that has implemented some modifications.
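The two file-system artifacts described above (the .blacksuit extension and the README.BlackSuit.txt note) can be used to scope which directories were touched during triage. The following is an added example, not code from this site or from any vendor; the function names, the case-insensitive matching, and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from the description above.
ENCRYPTED_EXT = ".blacksuit"
RANSOM_NOTE = "README.BlackSuit.txt"

def scan_tree(root):
    """Return {directory: {"encrypted": [names], "note": bool}} for each
    directory under root that contains at least one indicator."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = any(f.lower() == RANSOM_NOTE.lower() for f in files)
        if encrypted or note:
            hits[os.path.relpath(dirpath, root)] = {"encrypted": encrypted, "note": note}
    return hits

def triage(hits):
    """Group hit directories by which indicators they show."""
    groups = {"note_and_files": [], "files_only": [], "note_only": []}
    for path, info in sorted(hits.items()):
        if info["note"] and info["encrypted"]:
            groups["note_and_files"].append(path)
        elif info["encrypted"]:
            groups["files_only"].append(path)
        else:
            groups["note_only"].append(path)
    return groups

def build_sample_tree(root):
    """Constructed sample layout (empty files), not data from the incident."""
    layout = {
        "shared/finance": ["ledger.xlsx.blacksuit", "README.BlackSuit.txt"],
        "shared/hr": ["roster.docx.BLACKSUIT"],
        "users/alice": ["readme.blacksuit.txt"],
        "users/bob": ["notes.txt"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name in names:
            open(os.path.join(root, rel, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for group, dirs in triage(scan_tree(tmp)).items():
            print(group, dirs)
```

Directories in the files_only group hold renamed files without a note, which can indicate interrupted encryption or a note that was already removed, so they are worth reviewing first.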
