Close up of hands using laptop with skull hologram showing law firm cyber attack

Magic Circle Law Firm Allen & Overy Suffers a LockBit Cyber Attack After Shearman & Sterling Merger

Allen & Overy (A&O) has suffered a cyber attack that compromised some storage servers, the Magic Circle law firm has disclosed.

“We have experienced a data incident impacting a small number of storage servers,” said an A&O spokesperson. “Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected.”

Based in London, United Kingdom, Allen & Overy operates in 31 countries with over 5000 employees and 500 partners.

The cyber attack coincided with Allen & Overy’s merger with Shearman & Sterling to form A&O Shearman, the only law firm “fluent in US law, English law, and the laws of the world’s most dynamic markets.” The new outfit will have 800 partners and a combined annual revenue of over $3.5 billion.

Allen & Overy law firm is investigating a cyber attack

The law firm launched an investigation and engaged an independent cybersecurity advisor to assist its incident response team contain the incident.

The law firm continued to operate normally with periodic disruptions from mitigation efforts implemented.

“The firm continues to operate normally with some disruption arising from steps taken to contain the incident,” said the law firm. “Detailed cyber forensic work continues to investigate and remediate the incident.”

So far, Allen & Overy has yet to determine the nature of the information compromised. The Magic Circle law firm has not disclosed if ransomware was deployed during the cyber attack.

“As a matter of priority, we are assessing exactly what data has been impacted, and we are informing affected clients,” said the law firm. “We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority.”

LockBit ransomware claims Allen & Overy cyber attack

The Russian LockBit ransomware group has claimed responsibility for the Allen & Overy cyber attack. The group threatened to leak stolen data if the law firm failed to pay a ransom by November 28.

The ransomware group added the Allen & Overy law firm to its data leak site and warned, “All available data will be published.”

However, the law firm has neither attributed the cyber attack to the LockBit ransomware group nor confirmed receiving any ransom demand.

LockBit ransomware gang leaked Royal Mail’s data after the corporation refused to pay the $66 million ransom demanded, which was later reduced to $47 million.

Other high-profile alleged victims include Boeing, which was listed and quickly delisted from the data leak site, likely after paying a ransom. The group also compromised the UK Ministry of Defense and leaked secret information.

On June 14, 2023, the Five Eyes Alliance, Germany, and France warned that LockBit was the most deployed ransomware in 2022 and “continues to be prolific in 2023.”

Law firms targeted by cyber attacks

Digitalization during and post-COVID-19 created more opportunities for cybercriminals to compromise and extort organizations, according to a risk assessment report by the legal association the SRA.

LockBit has listed several law firms, including the New York-based Kaufman Borgeest & Ryan, Mississippi’s Holland & Hisaw, and Marcia Binder Ibrahi’s immigration law office.

Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, warned that the cyber attack highlighted a growing cyber threat to law firms.

“Coming on the heels of the collapse of the Ince Group, this recent attack on another law firm is illustrative of the growing cyber threat faced by legal institutions,” said Hovhannisyan. “As organizations trusted with such sensitive data, it is imperative that cyber security measures are treated as a top priority by those in charge.”

In November 2021, the FBI and CISA warned that threat actors targeted organizations during significant financial events such as stock valuations, mergers, and acquisitions.

They blackmail the organizations into paying the ransom by threatening to disclose their financial information, likely causing investor backlash. Additionally, the groups searched for any publicly available information they could exploit to force the victim into paying the ransom.

While Allen & Overy has not linked the cyber attack to the recent merger, LockBit would likely have exploited the financial event.