Chubb Bulleid Law Firm Hit by Cactus Ransomware, Data Exposed

Incident Date: Jul 30, 2024

Attack Overview
Victim: Chubb Bulleid
Industry: Law Firms & Legal Services
Location: United Kingdom
Attacker: Cactus
First Reported: July 30, 2024

Chubb Bulleid Law Firm Targeted by Cactus Ransomware Group

Chubb Bulleid, a prominent law firm based in Somerset, UK, has recently fallen victim to a ransomware attack orchestrated by the Cactus ransomware group. The attack, disclosed on July 31, 2024, has led to the exposure of a significant amount of sensitive and confidential information.

About Chubb Bulleid

Chubb Bulleid is a well-established law firm with offices in Wells, Street, and Somerton. Formed in March 1997 through a merger of Chubb Beresford and Bulleid Leeks & Co., the firm has expanded over the years, incorporating Alan R Walton & Company in 2004 and T.G. Pollard & Co. in 2015. The firm operates as a private limited company under the name Chubb Bulleid Limited, with the company number 05386876.

Chubb Bulleid provides a range of legal services to individuals, families, and businesses, both locally and internationally. The firm emphasizes community engagement and personalized service, maintaining strong ties with the local community. Their commitment to high-quality service has fostered a reputation for reliability and professionalism.

Details of the Ransomware Attack

The ransomware attack on Chubb Bulleid has resulted in the exposure of various sensitive documents, including litigation files, corporate data, non-disclosure agreements, contracts, employee records, financial documents, and internal correspondence. Screenshots of the leaked information have surfaced, although the download links have been redacted by the attackers. The firm has yet to publicly address the full extent of the damage or the specifics of the attack, and it is presumed that an investigation is underway.

About the Cactus Ransomware Group

The Cactus ransomware group, first discovered in March 2023, operates as a ransomware-as-a-service (RaaS). The group is known for exploiting vulnerabilities and leveraging malvertising lures for targeted attacks. Cactus ransomware affiliates use custom scripts to disable security tools and distribute the ransomware, targeting organizations across various industries.

Cactus ransomware employs unique encryption techniques to avoid detection: a batch script obtains the encryptor binary using 7-Zip, and the encryptor binary is then deployed with an execution flag. The group appends the file extension “.cts1” to the end of encrypted files. Their attacks often involve creating multiple accounts and adding them to the administrators group to evade detection and escalate privileges.
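
The account behavior described above can be hunted for in Windows Security logs. The following is an added example, not Halcyon's code or part of the original report: it correlates account creation (event 4720) with additions to the local Administrators group (event 4732) and flags hosts where several newly created accounts are promoted in a short span. The event field names, the 30-minute window, the two-account threshold and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"     # well-known SID of the local Administrators group
WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment
MIN_ACCOUNTS = 2                # "multiple accounts", per the description above

# Constructed, normalized sample events (field names are assumptions).
# Windows Security log: 4720 = user account created,
# 4732 = member added to a security-enabled local group.
EVENTS = [
    {"time": "2024-01-10T02:11:00", "id": 4720, "host": "FS01", "account": "helpdesk2"},
    {"time": "2024-01-10T02:11:20", "id": 4732, "host": "FS01", "account": "helpdesk2", "group_sid": ADMINS_SID},
    {"time": "2024-01-10T02:13:00", "id": 4720, "host": "FS01", "account": "svc_print"},
    {"time": "2024-01-10T02:13:05", "id": 4732, "host": "FS01", "account": "svc_print", "group_sid": ADMINS_SID},
    # Pre-existing account (no 4720 in the log): not counted as new.
    {"time": "2024-01-10T02:20:00", "id": 4732, "host": "FS01", "account": "old_admin", "group_sid": ADMINS_SID},
    # Single new admin on another host: below MIN_ACCOUNTS, no alert.
    {"time": "2024-01-10T09:00:00", "id": 4720, "host": "WS07", "account": "j.smith"},
    {"time": "2024-01-10T09:01:00", "id": 4732, "host": "WS07", "account": "j.smith", "group_sid": ADMINS_SID},
]

def new_admin_bursts(events):
    """Map host -> accounts that were created and then added to local
    Administrators within WINDOW, where MIN_ACCOUNTS such promotions
    also fall within WINDOW of each other."""
    created = {}                  # (host, account) -> creation time
    promoted = defaultdict(list)  # host -> [(promotion time, account)]
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["account"])
        if ev["id"] == 4720:
            created[key] = ts
        elif ev["id"] == 4732 and ev.get("group_sid") == ADMINS_SID:
            born = created.get(key)
            if born is not None and ts - born <= WINDOW:
                promoted[ev["host"]].append((ts, ev["account"]))
    alerts = {}
    for host, items in promoted.items():
        # Slide over time-ordered promotions looking for a dense run.
        for i in range(len(items) - MIN_ACCOUNTS + 1):
            burst = items[i:i + MIN_ACCOUNTS]
            if burst[-1][0] - burst[0][0] <= WINDOW:
                alerts.setdefault(host, set()).update(a for _, a in burst)
    return {host: sorted(accts) for host, accts in alerts.items()}

if __name__ == "__main__":
    print(new_admin_bursts(EVENTS))
```

In real 4732 records the added member is identified by SID, so a production rule would join on the SID from the matching 4720 record instead of the account name used in this simplified schema.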
