Ransomware Attack on Virginia Law Firm by Hunters International

Incident Date: August 28, 2024

Overview

Title: Ransomware Attack on Virginia Law Firm by Hunters International

Victim: Rinehart Butler Hodge Moss & Bryant

Attacker: Hunters International

Location: Stafford, USA; Virginia, USA

First Reported: August 28, 2024

Ransomware Attack on Rinehart Butler Hodge Moss & Bryant by Hunters International

Rinehart, Butler, Hodge, Moss & Bryant, PLC, a law firm based in Stafford, Virginia, has recently fallen victim to a ransomware attack orchestrated by the notorious group known as Hunters International. The firm, which specializes in family law and domestic issues, is now grappling with the severe implications of this breach.

Company Profile

Rinehart, Butler, Hodge, Moss & Bryant, PLC operates from its office at 1259 Courthouse Road, Stafford, VA 22554. The firm is notable for its comprehensive range of legal services, particularly in areas such as divorce, child custody, spousal support, and domestic abuse. With a team of 10 to 19 staff members, the firm prides itself on offering personalized legal services. Despite its small size, the firm has established a strong reputation in the local legal landscape, focusing primarily on family law matters.

Attack Overview

The ransomware attack, claimed by Hunters International, has resulted in the exfiltration of a significant amount of sensitive data from the law firm. The attackers have disclosed that they have accessed 268.3 GB of data, encompassing 277,904 files. This includes bills, client information, email details, and case files. Additionally, the attackers have provided screenshots as evidence of their access to the firm's information. Among the stolen data, there is specific mention of current case details and further client information, totaling an additional 61 GB across 33,653 files. This breach poses a severe risk to the confidentiality and integrity of the firm's operations and client trust.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International's ransomware code contains approximately 60% overlap with samples of Hive ransomware version 61, indicating a shared technical lineage. The group's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.

Penetration and Impact

While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in the firm's cybersecurity infrastructure. Given the firm's relatively small size and specialized focus, it may not have had the cybersecurity measures needed to fend off such a sophisticated attack. The attack has resulted in significant data breaches, financial losses, and reputational damage to the firm.
