Ransomware Attack on KUHN RECHTSANWÄLTE GMBH: Cyber Threats and Vulnerabilities

Incident Date:

May 10, 2024

World map

Overview

Title

Ransomware Attack on KUHN RECHTSANWÄLTE GMBH: Cyber Threats and Vulnerabilities

Victim

KUHN RECHTSANWÄLTE GMBH

Attacker

Monti

Location

Vienna, Austria

, Austria

First Reported

May 10, 2024

Ransomware Attack on KUHN RECHTSANWÄLTE GMBH

Victim Profile

KUHN RECHTSANWÄLTE GMBH, a commercial law firm based in Vienna, Austria, was targeted in a ransomware attack by the cybercriminal group Monti. The firm, founded in 1988 by Dr. Christian Kuhn, specializes in providing legal advice to Austrian companies, private foundations, individuals, and non-profit organizations. With a team of eight jurists, KUHN RECHTSANWÄLTE GMBH focuses on areas such as corporate law, mergers and acquisitions, estate law, and more.

Company Size and Industry

KUHN RECHTSANWÄLTE GMBH operates in the legal sector and is a relatively small-sized firm with eight jurists. The firm's specialization in corporate law, private foundation law, and other legal areas sets it apart in the industry.

Standout Features

One standout feature of KUHN RECHTSANWÄLTE GMBH is its historical connection, as its current premises were once inhabited by Franz Werfel and Alma Mahler-Werfel in the early 20th century. Additionally, the firm's involvement in various roles in foundations, supervisory boards, and associations showcases its diverse engagement in different sectors and organizations.

Vulnerabilities and Attack Details

The ransomware attack on KUHN RECHTSANWÄLTE GMBH resulted in the exfiltration of 180 GB of data, although the specific data type remains undisclosed. The attackers, led by Monti, have set a ransom deadline of June 10th, 2024, with the ransom demand unspecified. The attack highlights the vulnerability of the firm's systems to cyber threats, potentially due to inadequate cybersecurity measures or employee awareness.

Ransomware Group Tactics

Monti, the ransomware group behind the attack, distinguishes itself by targeting high-value entities such as legal and government organizations. The group utilizes a Linux-based ransomware variant with a low similarity rate to previous ransomware strains, enhancing its ability to evade detection. Monti also employs public shaming tactics by threatening non-compliant companies with exposure on their data leak site's "Wall of Shame."

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.