There are about a dozen government organizations among the company's clients, isn't it dangerous to scatter confidential data like that?
Australian law firm HWL Ebsworth confirmed to local media that its internal networks had been compromised. This happened after the ALPHV/BlackCat ransomware gang began leaking data that they claim was stolen from an Australian company.
HWL Ebsworth is one of Australia's largest law firms with hundreds of millions of dollars in annual revenue. The company's staff includes about 2,000 employees, and nine offices of the company operate throughout the country.
Last night, the ALPHV/BlackCat ransomware gang released 1.45 terabytes of data containing over a million documents allegedly stolen from HWL Ebsworth's systems in April of this year. Now cybercriminals threaten the company with more information leaks if the latter does not comply with their demands.
A spokesman for the firm told ABC that the company would not make a deal with the attackers, even if it means that it and its customers will have to suffer the consequences of a very serious data breach.
“We take our ethical and moral responsibilities to society very seriously. We believe that we have a fundamental civic duty not to encourage criminal extortion in any way, ” explained a representative of the company
“The privacy and security of our customer and employee data continues to be of paramount importance. We recognize and understand the impact this can have and we are in close contact with our customers,” concluded HWL Ebsworth.
Since the law firm has naturally dealt with the public sector, there are concerns about the leakage of documents containing sensitive or confidential information of national importance.
Thus, among the current and former clients of HWL Ebsworth are the following organizations: the government of South Australia, Queensland, the Australian Capital Territory, the Australian Department of the Environment and Human Services, as well as the Australian Revenue Authority and the ANZ Banking Group. In this regard, it is not entirely clear why, with such an abundance of customers in all industries, the company was so categorically opposed to assisting intruders.
Among cybercriminal groups, more and more often, one can notice a tendency to attack not individual enterprises, but peculiar hub companies that contain confidential information of hundreds or even thousands of organizations. Information stolen from such companies can be effectively used for multiple blackmail. A prime example of this is several successful Clop ransomware attacks targeting MFT services (Accellion FTA, Fortra GoAnywhere, and MOVEit Transfer).
Thus, even if HWL Ebsworth refused to pay the ransom, it is possible that some of her clients themselves will want to contact the hackers and agree on the safety of their data. This means that such extortion schemes are much more profitable for attackers than single attacks even on large companies.