RansomHub Ransomware Attack on Cameron, Hodges, Coleman, LaPointe, & Wright, P.A.: 100GB Data Exfiltrated

Incident Date:

July 16, 2024

Overview

Victim

Cameron, Hodges, Coleman, LaPointe, & Wright, P.A.

Attacker

RansomHub

Location

Orlando, USA

Florida, USA

First Reported

July 16, 2024

Overview of the Attack

Cameron, Hodges, Coleman, LaPointe, & Wright, P.A., a prominent law firm specializing in insurance defense litigation, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 100GB of sensitive data and have threatened to publish it within two days if their demands are not met. The firm is currently assessing the breach and working to mitigate the potential fallout.

About the Victim

Founded in 1985 by A. Craig Cameron and other notable members of the Volusia County legal community, Cameron, Hodges, Coleman, LaPointe, & Wright, P.A. has built a reputation for excellence in legal representation. The firm, which was renamed in 2002 to reflect the contributions of its current partners, specializes in insurance defense, handling cases related to personal injury claims, products liability, and employment and labor law. The firm is recognized for its high ethical standards and legal ability, as evidenced by its "AV" rating from the Martindale-Hubbell Law Directory.

Vulnerabilities and Targeting

As a law firm dealing with sensitive client information, Cameron, Hodges, Coleman, LaPointe, & Wright, P.A. is an attractive target for ransomware groups. The firm's extensive handling of confidential insurance and legal documents makes it particularly vulnerable to data exfiltration and extortion. The attackers likely exploited vulnerabilities in the firm's cybersecurity infrastructure to gain access to its systems.

About RansomHub

RansomHub is a relatively new ransomware group that has quickly made a name for itself in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, and has a history of attacking healthcare-related institutions. RansomHub's ransomware strains are written in Golang, a language that is becoming increasingly popular among ransomware developers.

Penetration Methods

RansomHub likely penetrated Cameron, Hodges, Coleman, LaPointe, & Wright, P.A.'s systems through a combination of phishing attacks and exploiting unpatched vulnerabilities. The use of Golang in their ransomware strains suggests a sophisticated approach, as this language is known for its efficiency and cross-platform capabilities. The group’s strategy of making claims and backing them up with data leaks adds pressure on victims to comply with their demands.
