Ransomware Breach at MacGillivray Law Exposes Sensitive Data
Incident Date:
September 30, 2024
Overview
Title
Ransomware Breach at MacGillivray Law Exposes Sensitive Data
Victim
MacGillivray Law
Attacker
Meow
Location
First Reported
September 30, 2024
Ransomware Attack on MacGillivray Law: A Detailed Analysis
MacGillivray Law, a prominent personal injury and disability law firm in Atlantic Canada, recently fell victim to a cyberattack orchestrated by the Meow Ransomware group. This breach led to the exfiltration of over 110 GB of sensitive data, encompassing client and employee information, financial documents, and legal contracts. The incident poses substantial risks to the firm's operations and reputation.
About MacGillivray Law
Established in 1994 by Jamie MacGillivray, the firm has grown into the largest injury and disability law practice in Atlantic Canada. With offices in Halifax, New Glasgow, Moncton, and St. John's, MacGillivray Law employs over 100 professionals, including a diverse team of multilingual lawyers. The firm is celebrated for its expertise in personal injury and insurance law, operating on a contingency fee basis to ensure legal representation is accessible to all clients.
Attack Overview
The Meow Ransomware group has taken responsibility for the attack on MacGillivray Law, which involved the theft of highly confidential data. The compromised information includes personal data such as dates of birth and driver's license scans, alongside business proposals and internal financial documents. This breach highlights the firm's vulnerabilities, particularly in data protection and cybersecurity measures.
About Meow Ransomware
Emerging in late 2022, Meow Ransomware is linked to the Conti v2 ransomware variant. The group is notorious for targeting industries with sensitive data, such as healthcare and legal services. They utilize various infection methods, including phishing emails and exploiting RDP vulnerabilities, to infiltrate systems. Meow Ransomware is distinguished by its data leak site, where they list victims who have not paid the ransom.
Potential Vulnerabilities
MacGillivray Law's dependence on digital systems for managing sensitive client and case information makes it an attractive target for ransomware attacks. The firm's extensive use of technology to streamline legal processes may have inadvertently exposed vulnerabilities that threat actors like Meow Ransomware could exploit. This attack underscores the critical need for effective cybersecurity measures to guard against such threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.