Big law firm shuts down operations due to ransomware attack; users unable to access their files

Ethical hacking specialists report a serious ransomware incident that has infected internal networks at TrialWorks, a platform that provides a legal case management software service. During the incident, more than 10% of the platform’s users were unable to access their accounts and files.

The incident reportedly occurred during the first two weeks of October, affecting dozens of major law firms and individual users. Because of this infection, the affected law firms have had to request the postponement of some court cases, as they cannot submit their documentation at this time.

TrialWorks released a statement saying that they were already working with cybersecurity firms to address the incident, adding that users would not be able to access their accounts during the recovery process: “Thank you for your patience; the recovery process will take a few more days, so users will have limited access to our systems this week,” the company’s message concludes.

A snippet of TrialWorks’ statement

The company did not add details about its recovery process, although ethical hacking specialists from the specialized platform BleepingComputer believe that it is highly possible that TrialWorks has decided to pay the ransom to the hackers, as it took TrialWorks only a couple of days to announce that its systems were already free of any trace of encryption malware. Details about the ransomware variant used by the attackers are also unknown, although the features of the attack bear similarities to an incident a couple of weeks ago against a medical software company, attributed to the hacker group known as REvil/Sodinokibi, which employs the malware variant of the same name.

“This ransomware variant is linked to multiple high-profile infections, perpetrated by at least 40 threat actors around the world,” say the ethical hacking experts. Those responsible for these attacks focus on software vendors and government organizations. Although it is speculated that the company paid the ransom to regain access to its systems as soon as possible, experts mention that the service will remain inaccessible for the next few days: even if the hackers hand the decryption keys over to the victims, the process of removing the encryption takes a few days.

After its merger with Needles, another legal software platform, TrialWorks reached a total of 40,000 active users, belonging to about 2,500 legal firms; an estimated 4,000 users were reportedly impacted by the infection.

While the company decided to pay the ransom to the hackers, and even the FBI has included payment as a possibility for recovering files in its guide to dealing with cybersecurity incidents, ethical hacking specialists from the International Institute of Cyber Security (IICS) claim that giving in to the attackers' demands only gives them greater resources to continue their malicious operations or even implement new forms of attack.

Update from TrialWorks

TrialWorks was recently targeted by a ransomware incident that did not affect our software but did prevent approximately 5 percent of our customers, whose IT infrastructure we host, from accessing their accounts. Upon learning of this incident, we promptly commenced an internal investigation and retained independent cybersecurity experts to help us respond to this incident. We have been working around the clock to restore normal operations for our customers as quickly as possible, and nearly all customers have had access restored within a week. We continue to be in direct communication with our customers throughout this restoration process, and regret any concern or inconvenience this incident may have caused. Our investigation remains ongoing, and we are committed to continuing to take steps to enhance the security of our systems and to reduce our time to restoration as these incidents become all too common in today’s world.