Ransomware Attack on Orshan, Spann & Fernandez-Mesa by Hunters International

Orshan, Spann & Fernandez-Mesa, a prominent family law firm based in Miami-Dade County, Florida, has allegedly fallen victim to a ransomware attack orchestrated by the notorious group Hunters International. The attack, discovered on November 26, resulted in the exfiltration of approximately 1.1 terabytes of sensitive data from the firm's systems. Despite the breach, the attackers did not encrypt the firm's data, leaving the law firm grappling with the potential exposure of confidential client information.

About Orshan, Spann & Fernandez-Mesa

Orshan, Spann & Fernandez-Mesa is a distinguished law firm specializing exclusively in divorce and family law. The firm is recognized for its client-centric approach, offering personalized legal services tailored to the unique circumstances of each client. With a team of experienced attorneys, the firm handles complex cases involving significant assets and contentious custody disputes. Their commitment to high-quality representation and strong attorney-client relationships sets them apart in the legal industry.

Vulnerabilities and Targeting

As a mid-sized law firm handling high-net-worth divorce cases, Orshan, Spann & Fernandez-Mesa is an attractive target for ransomware groups like Hunters International. The sensitive nature of the data they manage, including personal and financial information, makes them vulnerable to attacks aimed at exploiting such information for financial gain. The firm's reliance on digital systems for managing client data may have presented an entry point for the attackers.

Attack Overview

Hunters International, a Ransomware-as-a-Service group, executed the attack by exfiltrating a significant volume of data from the firm's systems. The group is known for its double extortion tactics, which typically involve data encryption and theft. However, in this instance, they opted not to encrypt the data, focusing instead on the potential leverage gained from the stolen information. The attack highlights the ongoing threat posed by sophisticated ransomware groups to legal practices in the United States.

About Hunters International

Emerging in October 2023, Hunters International quickly gained notoriety by leveraging code from the defunct Hive ransomware operation. The group distinguishes itself through its use of advanced encryption techniques and a global network of affiliates. Their attacks often involve multi-stage operations, utilizing phishing campaigns and social engineering to gain initial access. The group's ability to bypass advanced security measures underscores their sophistication and the critical threat they pose to organizations across various industries.