Hacking group NetWalker has taken responsibility for the attack and has uploaded the demands and a snippet of what it claimed was the stolen data along with extracts from Law In Order’s website. From screenshots obtained on social media, the firm had just over six days to respond to the demands, starting Tuesday, 24 November. 

In an update released on the firms’ site – which is currently unstable as it manages the attack – it noted: “We are investigating the extent to which information contained in our system, including sensitive personal information, has been affected.”

“At this stage, we have seen no evidence of data exfiltration nor anything that indicates Law In Order’s customers’ networks have been compromised,” it said.

Based on testimonials from the site, the legal services firm has clients from global and top-tiered firms as well as royal commissions. Signing off on several of the testimonials were staff from Slater and Gordon, Allen & Overy, HWL Ebsworth and Hall & Wilcox. 

According to online sources, NetWalker works by stealing data and leaking folders full of screenshots to “prove” it has the information. It then will threaten to release the rest of the data if demands aren’t met. During 2020, the hacking group has been known to use the pandemic against victims by tricking them into clicking on email attachments. 

VIEW ALL

Law In Order said it engaged cyber-security investigators and advisers to work with its IT team so it can understand the full scope of the incident before it brings its networks back online safely and quickly. The legal services firm is also working closely with the Australian Federal Police and with the Australian Cyber Security Centre. 

“We are making progress; however, it is important we do this methodically and safely, as we work to resume normal business operations,” the firm said.