Epiq Global, a global legal services firm with clients ranging from banks to governments, has been hit with ransomware and was forced to take its entire network offline.
The law fim, which has 80 offices across the globe, was attacked on February 29, the company confirmed, saying it took measures to mitigate the damages:
“As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation,” a company statement said.
“Our technical team is working closely with world class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible.”
Employees were advised to turn off the W-iFi on their devices as soon as they approached the company's parking lot and not to go to their local offices without managerial approval.
A person familiar with the matter, who asked to remain anonymous, told TechCrunch that the employees were told to keep quiet and not say a word to their clients until the matter was resolved. The same person also said that the company systems were outdated, allegedly saying “Nothing is up to date.”
The ransomware family used for the attack is yet unknown. Newer strains not only encrypt data, but also exfiltrate it first, so it remains to be seen if the attackers got their hands on any critical data.