Ransomware Attack on Goede, DeBoest & Cross by Rhysida Group: Details and Impact

Incident Date: July 15, 2024

Overview

Victim: Goede, DeBoest & Cross, PLLC.

Attacker: Rhysida

Location: Naples, USA; Florida, USA

First Reported: July 15, 2024

Ransomware Attack on Goede, DeBoest & Cross, PLLC by Rhysida Group

Overview of Goede, DeBoest & Cross, PLLC

Goede, DeBoest & Cross, PLLC (GD&C) is a mid-sized law firm based in Florida, established in 2013 through the merger of Goede & Adamczyk, PLLC and the Condo & HOA Law Group, PLLC. The firm is led by partners John Goede, Richard DeBoest, and Brian Cross, who collectively bring over 73 years of legal experience. GD&C specializes in a wide range of legal services, including community association law, real estate, commercial litigation, estate planning, and personal injury. The firm employs between 11 and 50 individuals, fostering a collaborative environment that emphasizes client-centered legal solutions.

Details of the Ransomware Attack

The Rhysida ransomware group has claimed responsibility for a cyberattack on Goede, DeBoest & Cross, PLLC. The attack was announced on Rhysida's dark web leak site, indicating a successful breach. The specifics of the data compromised have not been disclosed, but the attack underscores the persistent threat posed by ransomware actors to the legal sector.

About the Rhysida Ransomware Group

The Rhysida Ransomware Group emerged in May 2023 and has quickly gained notoriety for targeting sectors such as education, healthcare, manufacturing, information technology, and government. Rhysida ransomware is written in C++ and primarily targets Windows operating systems. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish the data unless a ransom is paid. Rhysida uses the ChaCha20 encryption algorithm and demands Bitcoin payments through a TOR-based portal.

Potential Vulnerabilities and Attack Vectors

GD&C, like many law firms, handles sensitive client information, making it an attractive target for ransomware groups. The Rhysida group likely penetrated GD&C's systems through phishing campaigns or by leveraging valid credentials obtained through other means. Once inside, the group used tools like PsExec for lateral movement and encrypted files using the ChaCha20 algorithm. The firm's reliance on digital records and communication channels may have further exposed it to such attacks.
