Lance Tempest and Clop’s list of demands.
Kirkland & Ellis, Proskauer Rose and K&L Gates have all been clobbered in a ransomware attack.
The firms were exposed as a result of a vulnerability in third-party software used to transfer files, which was exploited by a hacker calling themselves ‘Lance Tempest’ tied to the Clop cybercrime group.
MOVEit Transfer was infiltrated at the end of May via an SQL injection bug (no idea, ask IT), and although MOVEit offered its clients a patch to fix the flaws soon afterwards, not all of them applied it, while for others it was already too late.
Clop directed its victims to a post on the darkweb where it introduced itself as an organisation which offered a “penetration testing service after the fact” and told victims to “relax because your data is safe”.
It gave the first wave of victims until 14 June to contact it, otherwise their identities would be posted publicly. It appears the firms resisted or were unable to download the Tor darkweb browser in time, because their names began appearing once the deadline expired alongside more than 100 others, including the UK press regulator Ofcom, EY, PWC, Shell, and Aon.
Unlike some cybercriminal groups, Clop doesn’t specify an exact ransom sum and a cryptocurrency address for payment. Instead it provides a contact email address and then moves the conversation to an online chat feature on its darkweb site, where it enters into negotiations.
The extortion group, thought to be Russian in origin, has said that if a hacked company doesn’t agree a price within three days of being contacted, it will publish their stolen data after a week has elapsed.
Cypfer, an internet ransomware negotiation team, said the gang’s extortion demands “are typically very high” and begin at $3m.
The US government has now placed a $10m bounty on Clop’s leader, who may or may not be called Lance Tempest in real life.
RollOnFriday asked the affected firms what data the bastards* took, how much money they were demanding, and whether the firms were paying up or resisting, but they did not respond to a request for comment.
Law firms are attractive and frequent targets for hackers, although some have been criticised for their efforts to educate staff about phishing. Hacking also occurs within firms: earlier this year a junior solicitor sued the owner of a law firm for allegedly hacking into her WhatsApp account and disclosing private messages “of the most intimate kind”.
*not really, we bet you’re really nice, Clop, and ROF is well aware that you could slice through this orange, hamster-driven mainframe like a knife through butter so there’s no need to prove it, ok?