On February 13, 2021, DataBreaches.net reported that Clop ransomware hackers had recently posted redacted sensitive files from Jones Day Law Firm on the dark web. Jones Day Law Firm is the tenth largest law firm in the United States. The hackers claim to have 100GB of data, which they say they obtained by hacking into the Jones Day Law Firm server. The Clop hackers state they did not encrypt the Jones Day Law Firm network, but they did steal the data. They are demanding a $20 million ransom payment from Jones Day Law Firm for a decryption key. The Tor hidden service listing offers 20 Jones Day Law Firm caches, such as “extracted emails”, ranging from 1.5GB to 4.5GB.
Jones Day Law Firm did not respond to the Clop ransomware hackers; however, a spokesperson explained to Bloomberg Law on February 16, 2021, that the hackers stole the confidential files during the Accellion data breach, not directly from Jones Day Law Firm. Accellion provides file transfer and other services to several firms. Jones Day Law Firm is the second major law firm in the last month to have its private information exposed after the Accellion data breach. In a statement, Accellion explains that it is “conducting a full assessment of the Firewall Traffic Analysis (FTA) data security incident with an industry-leading cybersecurity forensics firm. We will share more information once this assessment is complete. We are working with all impacted FTA clients to understand and mitigate any impact of this incident, and to migrate them to our modern kiteworks content firewall platform as soon as possible.”
The Clop ransomware hackers’ financially motivated extortion does not stop with the Jones Day Law Firm hack. They have also listed data allegedly obtained from several other companies. Deutsche Telekom Security, a German telecommunications company, explains in a January 2021 blog post, “Clop is one of the ransomware gangs that adopted the double extortion technique. Before they deploy their ransomware, they exfiltrate up to terabytes of sensitive data from the victim’s network. In case the victim had proper backups set up and is not willing to pay the ransom, they still can threaten to publish this data on their leak portal.”