Ransomware, Americas, Content, Europe

Cl0p Hackers Hit Three of the Biggest U.S. Law Firms in Large Ransomware Attack

Hacker man working on computers alone in dark room, rear view.

Three of the largest U.S. law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people, reports said.

Who Got Hit?

Law firms Kirkland & Ellis, K&L Gates and Proskauer Rose were the hacking group’s primary legal targets this time around, according to RollOnFriday, a London, U.K.-based legal professional website. The gang has posted the names of the law firms on their leak site, along with dozens of other victims. The break-in was reportedly orchestrated over the Memorial Day weekend.

Cl0p is known for its large ransom demands, at times starting at $3 million for a opening negotiating point. That it has posted the law firms' names on its leak site may indicate that talks have broken down.

The U.S. Department of Health and Human Services (HHS) was among those affected by the wide-ranging campaign, according to a Reuters report.

"While no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third-party vendors," a health department official told Reuters.

Russia-Linked Attacks

The attackers, who identified themselves as “Lance Tempest,” are linked to the Russian-based crew, which is tracked as TA505. The group, which has encrypted data belonging to hundreds of universities, financial organizations and multinational corporations, has been exploiting a flaw in Progress Software’s MOVEit software used to transfer files since 2021.

Cl0p is said to have capitalized on the MOVEit vulnerability, which has twice been patched, to compromise nearly 200 companies. Many of the disrupted organizations have apparently not applied the patches, leaving the door open for the Cl0p operatives.

Law firms are a particularly attractive target for the depth of extort-able personal information they hold from individuals and companies plus the dual threat of publishing it publicly should a ransom demand go unmet. The group has previously insisted it doesn't deliberately steal data from government organizations,

Last month, the US State Department placed a $10 million bounty on Cl0p’s leader, seeking information tying the group to a foreign government.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.