The dark web is one of the few places where envoys of the world’s most prestigious law firms rub shoulders with criminals using cryptic handles like Nullbyte—a place where power and danger intersect.
Law firms can no longer afford to ignore this shadowy realm as AI fuels a surge in scams and cyberattacks. The barrage of threats keeps some cybersecurity partners on high alert every single day, forcing them and their security teams to navigate the dark web’s risks and realities to protect client secrets. I'm Caroline Byrne, Associate Editor of Law.com International, bringing you this week's edition of The Global Lawyer.
The descent into darkness begins with the Tor Browser, opening the back door to .onion websites, hidden online sites that are difficult to trace. Deals are conducted in a realm where anonymity rules and stolen data is casually discussed in criminal-run chat rooms. Cyber criminals typically demand a ransom for the return of crucial data that may include M&A details or litigation strategies, threatening to leak it online if they aren’t paid handsomely.
It’s a dangerous, high-octane game that everyone wants to resolve quickly. Negotiations can stretch from a week to several excruciating months though—a lifetime for some law firms that suddenly find their network frozen and files encrypted in a ransomware attack.
Not every firm pays up, of course, but some of the marquee brands have been hit to varying degrees. The CL0P gang reportedly targeted Kirkland & Ellis, Proskauer Rose and K&L Gates in 2023. LockBit breached legacy firm Allen & Overy’s storage servers that same year along with CMS Spain. Orrick reportedly shelled out $8 million after a data breach. Smaller firms are targeted even more often than Big Law. New Jersey firm The Wacks Law Group of Whippany was infiltrated by a ransomware group called Qilin, for example, then faced a lawsuit brought by individuals whose personal information was targeted. On and on the disturbing tales go, from DLA Piper London’s near shut-down to Australia’s largest law firm, HWL Ebsworth, which spent months grappling with the fallout of a major cyberattack that exposed 2.5 million documents. Fenwick & West is said to be one of the more recent victims, with one cybersecurity expert noting the firm’s data was leaked on the dark web when it refused to pay a ransom.
Fenwick & West wouldn’t be the only holdout, though. Some organisations refuse to pay on principle, while others set strict limits and walk away if demands get too steep. Law firms serving U.S. and U.K. governments often face added pressure not to negotiate with criminals, even when paying seems like the easier option.
Psychology is at the heart of ransom attacks, where the goal isn't just to breach systems, but to manipulate people through social engineering to unlock a lucrative payday...