How the HWL Ebsworth cyber hack by Russia-linked ALPHV unfolded


Some of those firms had been aware of a possible hack since 5.30pm on Friday, when they were alerted by their IT departments.

This was barely an hour after HWLE became aware – Mailler told Hearsay it was 4.30pm – of “a potential breach” of its IT network by Russia-linked group ALPHV (aka Black Cat).

Hearsay understands that tech boffins at a number of firms who keep an eye on accounts that patrol the dark web saw a post on the Twitter handle #FalconFeedsio: “ALPHV #ransomware group added HWL Ebsworth, a law firm based in Australia, to their victim list.”

Cyber threat: The tweet sent out on Friday afternoon. Twitter

It’s a common tactic among cybercriminals to go after a business late in the day, at night or over the weekend, when staffing is probably at its lowest.

ALPHV claimed to have access to four terabytes of HWLE data, including employee records and client information such as loan records and agreements.

More information was posted on the internet over the weekend as HWLE worked to understand the depth of the problem. There was alarm at screenshots that indicated the hackers had gained access to correspondence from other big commercial firms, such as Ashurst.

All-staff email

Mailler said partners were kept in the loop over the weekend, and that an all-staff email about the breach was sent out at 8.48pm on Sunday. (Hearsay received its first tip in an email just after 6.30pm.)

On Wednesday afternoon, HWLE issued a second statement for the week that said it was continuing to “investigate and gather accurate information in response to the claim that an unauthorised third party has extracted data from our firm”.

“The privacy and security of our client and employee data remains of the utmost importance to us, and we are in contact with clients to advise them of the situation and the steps we are taking to deal with the event.

“We acknowledge and understand the concern that this will raise for our clients and our people.”

Mailler declined to comment on whether it had received a ransom note.

Ashurst said in a short statement on Thursday that it had “been in contact with HWL Ebsworth”.

“Like many firms, we are also making independent enquiries regarding any…
