Legal services giant Epiq Global offline after ransomware attack

Copy paste programmers

Legal services giant Epiq Global has been hit by a ransomware attack.

The company, which provides legal counsel and administration that counts banks, credit giants, and governments as customers, confirmed the attack hit on February 29.

“As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation,” a company statement read. “Our technical team is working closely with world class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible.”

The company’s website, however, says it was “offline to perform maintenance.”

A source with knowledge of the incident but who was not authorized to speak to the media said the ransomware hit the organization’s entire fleet of computers across its 80 global offices. According to an internal communication sent to staff that was obtained by TechCrunch, the law services company said staff should “not go” to their local offices without managerial approval. Staff in offices were advised to avoid connecting any device to the network. The communication also said that staff should “turn off the Wi-Fi on your laptop before entering the parking lot of the building” in an effort to prevent the spread of the ransomware.

Many of the computers were running old versions of Windows, the source said. “Nothing is up to date,” the source said.

The source came forward because, in their words, “we were told not to tell clients anything until we are back in.”

It’s not immediately clear which kind of ransomware was used in the attack, but Epiq Global said in its statement that there was “no evidence” that data was stolen. Although ransomware typically infects computers, spreads, and encrypts files across a network in exchange for a ransom, some newer and more advanced ransomware families also exfiltrated corporate data before encrypting the files and threatened to publish the files unless a ransom is paid.

Just this week, Visser, a parts manufacturer for Tesla and SpaceX, was hit by a more advanced, data exfiltrating ransomware. A portion of the files stolen from the company were published by the ransomware group.

Epiq spokesperson Catherine Ostheimer declined to disclose the details of the ransomware, nor did she provide a percentage of the data or computers impacted by the attack. Ostheimer also declined to confirm the contents of the email obtained by TechCrunch.

None of our specific questions were addressed, including if the law services giant had contacted its clients impacted by the attack.

“Our offices globally are open for business and we’re working with third party experts to address this matter, and to bring our systems back on line in a secure way as quickly as possible,” the spokesperson said.