Ransomware Attack Targets Hughes Gill Cochrane Tinetti

Incident Date: September 24, 2024


Overview

Title: Ransomware Attack Targets Hughes Gill Cochrane Tinetti

Victim: Hughes Gill Cochrane Tinetti

Attacker: Cicada 3301

Location: Walnut Creek, California, USA

First Reported: September 24, 2024

Ransomware Attack on Hughes Gill Cochrane Tinetti by Cicada 3301

Hughes Gill Cochrane Tinetti (HGCT), a law firm based in Walnut Creek, California, has fallen victim to a ransomware attack by the group Cicada 3301. Specializing in community association law, HGCT serves a wide range of clients, including homeowners associations and condominium projects across Northern California. The firm is known for its deep expertise and personalized service, making it a trusted partner for community associations.

Company Profile and Vulnerabilities

HGCT operates with a team of 11 attorneys, collectively bringing extensive experience in common interest development law. The firm’s focus on community associations has established it as a leader in its niche market. However, this specialization also makes it a prime target for cybercriminals seeking sensitive legal data. The firm's reliance on digital communication and data storage for client interactions may have exposed vulnerabilities that Cicada 3301 exploited.

Attack Overview

The ransomware attack was publicly disclosed on September 24, with Cicada 3301 claiming to have exfiltrated 152 GB of sensitive data. The stolen data has been made available on a dark web site, posing a significant threat to client confidentiality and operational security. This breach highlights the growing risk of ransomware attacks on law firms, which handle sensitive and valuable information.

About Cicada 3301

Cicada 3301 is a ransomware-as-a-service group that emerged in June. Unlike traditional ransomware groups, it focuses on data exfiltration and long-term monetization rather than immediate ransom payments. Its operations follow a double-extortion model, threatening to release stolen data if demands are not met. The group is known for its sophisticated techniques, including the use of the Brutus botnet for initial access and ChaCha20 for encrypting data.

Penetration Techniques

Cicada 3301 likely penetrated HGCT's systems through phishing campaigns or by exploiting weaknesses in VPN credentials. Their use of the Brutus botnet for brute-forcing access, together with lateral movement using tools such as PsExec, allowed them to navigate the firm's network undetected. Because the group exfiltrates data before encrypting it, the impact of its attacks is maximized and recovery is challenging for victims.
