Ransomware hackers expose confidential documents of high-profile legal firm

The cybercriminal group responsible for operating the dangerous Clop ransomware decided to expose a large stolen database from US law firm Jones Day via a dark web hacking forum. This is a very prestigious firm that has high-profile clients, including former U.S. President Donald Trump; the company also provides legal assistance to major transnational firms such as JPMorgan Chase, Alphabet Inc., McDonald’s and Walmart.

This report was initially filed by the computer security platform Databreaches.net, which reports that the hackers decided to leak this sensitive data after the firm refused to pay a ransom.

In this regard, the spokesperson for the legal firm said that the hackers obtained this data by compromising Accellion FTA, the file transfer service used by Jones Day, so the legal firm's networks are completely safe. However, the hackers claim that they directly accessed Jones Day's servers by abusing some security weaknesses in its critical infrastructure.

As if that were not enough, the threat actors also reportedly accessed some secondary systems linked to Accellion, although they claim that the compromised data was not encrypted after it was accessed and stolen. Like other ransomware operator groups, Clop maintains an anonymous website on Tor to post threats and expose sensitive information from its victims if its financial demands are not met.

On this website, the hackers announced the theft of about 100 GB of confidential information belonging to Jones Day, including details such as email addresses and potentially sensitive legal documents. While some records appear to be out of date, much of the information was reportedly collected shortly before January 21, 2021.

Some of the screenshots shared by the cybercriminals and retrieved by ethical researchers and hackers show memos labeled "confidential", as well as correspondence between legal representatives and judges. At the moment no one has been able to determine the authenticity of this information, although experts believe that these are most likely legitimate documents.

Barely a couple of months into 2021, Jones Day is already the second legal firm affected by a cyberattack that led to the exposure of confidential information. The previous incident, which occurred at a law firm that was not named, was also reportedly due to abuse of the Accellion platform, which offers its services to multiple law firms. The company claims that the necessary measures are being implemented to prevent such security incidents, although it has not specified what kind of flaw the threat actors exploited.