Security Experts:

Legal Services Firm Epiq Hit by Ransomware

Legal services company Epiq has taken its systems offline globally after being hit by a piece of ransomware.

Epiq said on Monday that it detected the malware on its systems on February 29. The company said it had found no evidence that any data was exfiltrated or misused.

“As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation,” Epiq said in a statement.

“Our technical team is working closely with world class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible,” it added. “Federal law enforcement authorities have also been informed and are involved in the investigation.”

It’s unclear which ransomware was involved in the attack and how many of Epiq’s systems were impacted. SecurityWeek has reached out to the company for additional information and we will update this article if we receive a response.

TechCrunch learned from an Epiq employee that the ransomware affected the company’s entire fleet of computers across its 80 global offices. Employees were reportedly told not to go to their local offices without managerial approval and to avoid connecting any devices to the network.

The company’s website, which is currently offline, includes a data security section where the company claims it has a full-time information security team and highly secure, geographically dispersed data centers to reduce the risk of data exposure. However, TechCrunch’s source said many of the firm’s computers were running old versions of Windows and that nothing was up to date.

Ransomware attacks can cause serious problems for major organizations, and several big companies reported being hit over the past year, including Norwegian metals and energy giant Norsk Hydro, Australian shipping giant Toll, Aircraft parts maker ASCO, Mexican oil company Pemex, and testing services provider Eurofins Scientific.

The DHS revealed recently that a piece of ransomware disrupted operations at some natural gas facilities, and an electric utility in Massachusetts informed customers last month that a ransomware infection had disrupted business operations.

Related: New Technique Allows Ransomware to Operate Undetected

Related: Railroad Construction Firm RailWorks Falls Victim to Ransomware

Related: Legislation Would Stiffen Penalties for Ransomware Attacks

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.