Epiq Calls In The Feds After Ransomware Attack – But ‘No Client Data Accessed’

Epiq, the legal data and services platform, has gone off-line following a ransomware attack. The attack is now being investigated by US Federal law enforcement.

However, the company stressed that no client data had been accessed and no client data had been exfiltrated from the company either.

A source close to the company told Artificial Lawyer that this was certainly the result of a ransomware attack, but that at present it could not be said how much the ransom was for, or how long it would be before the problem was solved.

The source would not say which Federal agency was helping with the investigation, however the Federal Bureau of Investigation does handle cybercrime, including ransomware attacks.

Also, the company issued the following statement to Artificial Lawyer:

‘On February 29, we detected unauthorized activity on our systems, which has been confirmed as a ransomware attack. As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation.

Our technical team is working closely with world class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible.

Federal law enforcement authorities have also been informed and are involved in the investigation.

As always, protecting client and employee information is a critical priority for the company. At this time there is no evidence of any unauthorized transfer or misuse or exfiltration of any data in our possession.’

What the Epiq site currently says.

Artificial Lawyer also received a comment from Relativity, after ‘Epiq-hosted instances of Relativity’ were affected by the ransomware attack when it forced Epiq to go offline. The ediscovery company told this site:

‘Epiq took their own systems offline after detecting unauthorized activity, which is impacting Epiq-hosted instances of Relativity (among all the other software they use) – meaning customers using their instances are unable to work on projects they have underway. 

‘As the outage is related to Epiq’s systems, the issue isn’t related specifically to Relativity Server or RelativityOne broadly. We know Epiq is working diligently to address the outage, and we’ve been in touch if there’s anything we can do to help.’

The challenging news comes after plenty of good news for Epiq. Earlier last month, the US-based company announced the launch of an enhanced suite of managed services solutions for clients, as well as opening a new global capability centre in Hyderabad, India, also this February.

And, also in February this year, the company announced the hire of a new CTO, Shah Karim, for its legal solutions business group. Prior to joining Epiq, Shah was senior vice president for product development at Pitney Bowes’ software and data businesses. He’ll certainly be facing some complex challenges in his new role at this very moment.

Ransomware attacks – as well as cyber attacks and hacks in general – are a growing problem for law firms and those connected to them. By their nature, law firms and related businesses hold highly sensitive documents, often in scenarios that are very time-sensitive, from M&A data that is not yet public, to details of litigation that have not yet been made public in court.

A blog from the security company Emisoft earlier this year stated that:

‘Five law firms have been hit by a notorious ransomware group known as Maze – three within the last 72 hours alone. It is highly likely Maze will target more law firms in the days and weeks ahead. While only U.S. firms have so been hit, firms in other countries are equally at risk.

‘In staying true to Maze’s typical modus operandi, the cybergang didn’t simply encrypt the law firms’ data – they also stole it.

‘Maze – the same group responsible for the attacks on the City of Pensacola, Allied Universal, Southwire and many others – typically uses exfiltrated data as added leverage in ransomware attacks.’

However, in Epiq’s case, they have stated that no data was stolen, so….perhaps….if things work out….then the company may be in a better position to deal with this than some others that had their client data exfiltrated.

And, as everyone no doubt remembers, one of the biggest ever ransomware attacks in the legal world happened to global law firm DLA Piper, back in 2017.

This perhaps all goes to show that despite the huge efforts legal sector businesses make when it comes to security, there can still be mistakes, and it’s by no means an isolated phenomenon.