The Blake Law Firm Targeted by dAn0n Ransomware Group

Incident Date:

May 24, 2024

World map

Overview

Title

The Blake Law Firm Targeted by dAn0n Ransomware Group

Victim

The Blake Law Firm

Attacker

dAn0n

Location

Austin, USA

Texas, USA

First Reported

May 24, 2024

The Blake Law Firm Targeted by dAn0n Ransomware Group

Victim Overview

The Blake Law Firm, a legal services provider based in Phoenix, Arizona, specializing in real estate law, has fallen victim to a ransomware attack orchestrated by the dAn0n group. With a team of 10-50 employees, the firm has built a strong reputation in the legal industry, boasting a BBB accreditation since 2015 and positive client reviews.

Attack Details

The dAn0n ransomware group targeted The Blake Law Firm, stealing and leaking 740GB of sensitive data. This data breach exposed financial and legal information, employee and partner details, as well as comprehensive client data including personal information, signed contracts, and transaction records. The breach poses a significant threat to the firm's operations and the confidentiality of its clients' information.

Ransomware Group Overview

The dAn0n group, a new threat actor that emerged in April 2024, distinguishes itself by conducting data brokerage and ransomware attacks. Using phishing emails to gain initial access, the group deploys custom ransomware binaries and obfuscated scripts to execute the payload. They utilize tactics like privilege escalation and defense evasion to maintain persistence and evade detection.

Company Vulnerabilities

The Blake Law Firm's focus on real estate law and its standing in the legal industry may have made it an attractive target for threat actors like dAn0n. The firm's valuable client data and financial information could have motivated the ransomware group to launch the attack. Additionally, the firm's size, with a moderate number of employees, may have posed challenges in implementing robust cybersecurity measures to defend against sophisticated attacks.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.