Deadline looms for Allen & Overy’s ransomware payment
Ian usually just told lawyers to switch it off and switch it on again.
Allen & Overy has until Tuesday to pay off a gang of cybercriminals or they will release a cache of files stolen from the firm, the hackers have said.
Three weeks ago the LockBit ransomware group announced that it had added the Magic Circle to its long list of victims, which includes Accenture and the Ministry of Defence, and that A&O had until 28 November to pay up.
LockBit originated in countries which belonged to the former Soviet Union and operates as a franchise, providing its software and negotiation framework to affiliates in exchange for a proportion of the ransoms they extort.
Recently the LockBit high table ordered its affiliates to hike the amounts they demand from victims after reportedly being disappointed with the size of ransom payments.
For organisations with revenues upwards of $1 billion, a ransom equating to 0.1% to 3% of the total should be sought, according to a cyberthreat analyst’s report on the gang’s new rates.
That didn’t pan out when an offshoot attempted to extort £66m from Royal Mail. Demands for a sum equivalent to 0.5% of the company’s global revenue faltered when Royal Mail’s negotiator argued that LockBit had actually hacked a loss-making subsidiary of the Plc, Royal Mail International, and that “under no circumstances” would it pay “the absurd amount of money” LockBit had demanded.
On top of which, said Royal Mail’s negotiator, what damage the hack could do had already been done, having triggered a breakdown of the company’s ability to make international deliveries.
Allen & Overy’s revenues were £2.1 billion in 2022, which means if the gang is operating in line with LockBit’s edicts, the firm could currently be attempting to argue down a number between £2.1m and £10.5m.
A&O declined to specify how much the criminals were demanding and whether it was engaging with them, referring RollOnFriday to its statement at the time of the attack when it said it had “experienced a data incident impacting a small number of storage servers”.
LockBit’s ransomware can enter a network via phishing, where an employee receives an email requesting access details which appears…
