pandora attacks Jaffe Raitt Heuer & Weiss, P.C.

Incident Date:

March 17, 2022

World map

Overview

Title

pandora attacks Jaffe Raitt Heuer & Weiss, P.C.

Victim

Jaffe Raitt Heuer & Weiss, P.C.

Attacker

Pandora

Location

Southfield, USA

Minnesota, USA

First Reported

March 17, 2022

Jaffe Raitt Heuer & Weiss, P.C. Suffers Ransomware Attack by Pandora Group

Jaffe Raitt Heuer & Weiss, P.C., a law firm with over 800 attorneys in eight primary Midwest markets, has been targeted by the ransomware group Pandora. The attack was announced on the group's dark web leak site. The firm operates in the Law Firms & Legal Services sector, which has been a frequent target for ransomware attacks in recent years.

Company Size and Industry Standout

Jaffe Raitt Heuer & Weiss, P.C. is a mid-sized law firm with a significant presence in the Midwest. The firm's size and reach make it a notable player in the legal industry, particularly in the areas of corporate law, litigation, and intellectual property.

Vulnerabilities and Threat Actors

Ransomware attacks on law firms have become increasingly common, with threat actors exploiting vulnerabilities in email systems and cloud-based collaboration platforms to gain initial access to the victim's network. In the case of Jaffe Raitt Heuer & Weiss, P.C., the attack was carried out by the Pandora group, which has been known to target a wide range of industries, including law firms.

The Maze ransomware, which is often used by the Pandora group, typically involves the following steps:

  1. Infiltration: The attackers gain access to the victim's network, often through email attachments or misconfigured platforms.
  2. Encryption: Once inside, the attackers encrypt the victim's data, making it inaccessible without a decryption key.
  3. Extortion: The attackers demand a ransom in exchange for the decryption key or threaten to release the encrypted data to the public.

In the case of Jaffe Raitt Heuer & Weiss, P.C., the firm's data was exfiltrated before encryption, which is a newer tactic used by ransomware groups to increase the pressure on victims to pay the ransom.

Mitigation Strategies

To mitigate the risk of ransomware attacks, law firms and other organizations should focus on proactive prevention measures, such as:

  • Staying informed about the latest threats and vulnerabilities.
  • Training employees on email security and safe browsing practices.
  • Implementing robust security controls, such as data encryption and cloud-based software updates.
  • Following the principle of least privilege, granting access to data and administrative tools only to those who need it.

By taking these steps, organizations can reduce their vulnerability to ransomware attacks and better protect their sensitive data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.