pandora attacks Jaffe Raitt Heuer & Weiss, P.C.
Incident Date:
March 17, 2022
Overview
Title
pandora attacks Jaffe Raitt Heuer & Weiss, P.C.
Victim
Jaffe Raitt Heuer & Weiss, P.C.
Attacker
Pandora
Location
First Reported
March 17, 2022
Jaffe Raitt Heuer & Weiss, P.C. Suffers Ransomware Attack by Pandora Group
Jaffe Raitt Heuer & Weiss, P.C., a law firm with over 800 attorneys in eight primary Midwest markets, has been targeted by the ransomware group Pandora. The attack was announced on the group's dark web leak site. The firm operates in the Law Firms & Legal Services sector, which has been a frequent target for ransomware attacks in recent years.
Company Size and Industry Standout
Jaffe Raitt Heuer & Weiss, P.C. is a mid-sized law firm with a significant presence in the Midwest. The firm's size and reach make it a notable player in the legal industry, particularly in the areas of corporate law, litigation, and intellectual property.
Vulnerabilities and Threat Actors
Ransomware attacks on law firms have become increasingly common, with threat actors exploiting vulnerabilities in email systems and cloud-based collaboration platforms to gain initial access to the victim's network. In the case of Jaffe Raitt Heuer & Weiss, P.C., the attack was carried out by the Pandora group, which has been known to target a wide range of industries, including law firms.
The Maze ransomware, which is often used by the Pandora group, typically involves the following steps:
- Infiltration: The attackers gain access to the victim's network, often through email attachments or misconfigured platforms.
- Encryption: Once inside, the attackers encrypt the victim's data, making it inaccessible without a decryption key.
- Extortion: The attackers demand a ransom in exchange for the decryption key or threaten to release the encrypted data to the public.
In the case of Jaffe Raitt Heuer & Weiss, P.C., the firm's data was exfiltrated before encryption, which is a newer tactic used by ransomware groups to increase the pressure on victims to pay the ransom.
Mitigation Strategies
To mitigate the risk of ransomware attacks, law firms and other organizations should focus on proactive prevention measures, such as:
- Staying informed about the latest threats and vulnerabilities.
- Training employees on email security and safe browsing practices.
- Implementing robust security controls, such as data encryption and cloud-based software updates.
- Following the principle of least privilege, granting access to data and administrative tools only to those who need it.
By taking these steps, organizations can reduce their vulnerability to ransomware attacks and better protect their sensitive data.
Sources
- Jeff Kosc on LinkedIn: Taft Completes Merger With Jaffe Raitt Heuer & Weiss, P.C.
- Ransomware Attacks Hit Three Law Firms in Last 24 Hours - LawSites: https://www.lawsitesblog.com/2020/02/ransomware-attacks-hit-three-law-firms-in-last-24-hours.html
- The Ransomware Epidemic: Criminals Taking Advantage of Those Working from Home, Including Lawyers and Media Companies - American Bar Association: https://www.americanbar.org/groups/law_practice/publications/law_practice_magazine/2020/jf20/maher/
- Maze Ransomware Hits Law Firms Hard - Logikcull: https://www.logikcull.com/blog/maze-ransomware-law-firm
- The Top 10 Legal Industry Cyber Attacks - Arctic Wolf: https://arcticwolf.com/resources/blog/the-top-10-legal-industry-cyber-attacks
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.