Ransomware Attack Hits Winnipeg Law Firm Olschewski Davie

Incident Date:

July 30, 2024

Overview

Victim

Olschewski Davie Barristers & Solicitors

Attacker

Akira

Location

Winnipeg, Canada

First Reported

July 30, 2024

Ransomware Attack on Olschewski Davie Barristers & Solicitors by Akira Group

Olschewski Davie Barristers & Solicitors, a prominent law firm based in Winnipeg, Canada, has recently fallen victim to a ransomware attack orchestrated by the Akira ransomware group. The attack, discovered on July 31, 2024, has raised significant concerns about the security of sensitive client information, particularly given the firm's specialization in real estate law services.

About Olschewski Davie Barristers & Solicitors

Established in 1997, Olschewski Davie Barristers & Solicitors operates from 590 Main Street in Winnipeg. The firm is relatively small, with between 10 and 19 employees. Despite its modest size, the firm has built a reputation for providing comprehensive legal services, particularly in real estate law. It assists clients through the various stages of real estate transactions, emphasizing client support from initial paperwork to the final handover of keys. The firm also offers services in immigration law, family law, and mediation, making it a versatile option for clients seeking legal representation in multiple areas.

Attack Overview

The ransomware attack on Olschewski Davie was claimed by the Akira ransomware group via their dark web leak site. While the exact size of the data leak remains unknown, the incident has undoubtedly compromised sensitive client information. The firm is now grappling with the implications of this breach and is working to mitigate the damage caused by the attack.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including legal services. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, sharing similarities in their code. The group employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Penetration and Tactics

Akira's operators use unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's unique dark web leak site features a retro 1980s-style green-on-black interface that victims must navigate by typing commands.

Vulnerabilities and Impact

Olschewski Davie's relatively small size and the sensitive nature of their client data made them a prime target for ransomware attacks. The firm's commitment to client convenience, such as offering video signing of documents, may have inadvertently introduced vulnerabilities that threat actors like Akira could exploit. The breach has significant implications for the firm's reputation and the security of their clients' sensitive information.
