Ransomware Attack Hits Winnipeg Law Firm Olschewski Davie

Incident Date: Jul 30, 2024

Attack Overview
Victim: Olschewski Davie Barristers & Solicitors
Industry: Law Firms & Legal Services
Location: Canada
Attacker: Akira
First Reported: July 30, 2024

Ransomware Attack on Olschewski Davie Barristers & Solicitors by Akira Group

Olschewski Davie Barristers & Solicitors, a prominent law firm based in Winnipeg, Canada, has recently fallen victim to a ransomware attack orchestrated by the Akira ransomware group. The attack, discovered on July 31, 2024, has raised significant concerns about the security of sensitive client information, particularly given the firm's specialization in real estate law services.

About Olschewski Davie Barristers & Solicitors

Established in 1997, Olschewski Davie Barristers & Solicitors operates from 590 Main Street in Winnipeg. The firm is relatively small, with between 10 and 19 employees. Despite its modest size, the firm has built a reputation for providing comprehensive legal services, particularly in real estate law. It assists clients through various stages of real estate transactions, emphasizing client support from initial paperwork to the final handover of keys. Additionally, the firm offers services in immigration law, family law, and mediation, making it a versatile option for clients seeking legal representation in multiple areas.

Attack Overview

The ransomware attack on Olschewski Davie was claimed by the Akira ransomware group via their dark web leak site. While the exact size of the data leak remains unknown, the incident has undoubtedly compromised sensitive client information. The firm is now grappling with the implications of this breach and is working to mitigate the damage caused by the attack.

About the Akira Ransomware Group

Akira is a rapidly growing ransomware family that first emerged in March 2023. The group targets small to medium-sized businesses across various sectors, including legal services. Akira is believed to be affiliated with the now-defunct Conti ransomware gang, with which it shares code similarities. The group employs double extortion tactics, stealing data before encrypting systems and demanding a ransom for both decryption and data deletion. Akira's ransom demands typically range from $200,000 to over $4 million.

Penetration and Tactics

Akira's operators use unauthorized access to VPNs, credential theft, and lateral movement to deploy ransomware. They have been observed using tools like RClone, FileZilla, and WinSCP for data exfiltration. In some cases, Akira has deployed a previously unreported backdoor. The group's unique dark web leak site features a retro 1980s-style green-on-black interface that victims must navigate by typing commands.

Vulnerabilities and Impact

Olschewski Davie's relatively small size and the sensitive nature of their client data made them a prime target for ransomware attacks. The firm's commitment to client convenience, such as offering video signing of documents, may have inadvertently introduced vulnerabilities that threat actors like Akira could exploit. The breach has significant implications for the firm's reputation and the security of their clients' sensitive information.
