Ransomware Attack on Virginia Law Firm by Hunters International
Ransomware Attack on Rinehart Butler Hodge Moss & Bryant by Hunters International
Rinehart, Butler, Hodge, Moss & Bryant, PLC, a law firm based in Stafford, Virginia, has recently fallen victim to a ransomware attack orchestrated by the notorious group known as Hunters International. The firm, which specializes in family law and domestic issues, is now grappling with the severe implications of this breach.
Company Profile
Rinehart, Butler, Hodge, Moss & Bryant, PLC operates from its office at 1259 Courthouse Road, Stafford, VA 22554. The firm is notable for its comprehensive range of legal services, particularly in areas such as divorce, child custody, spousal support, and domestic abuse. With a team of 10 to 19 staff members, the firm prides itself on offering personalized legal services. Despite its small size, the firm has established a strong reputation in the local legal landscape, focusing primarily on family law matters.
Attack Overview
The ransomware attack, claimed by Hunters International, has resulted in the exfiltration of a significant amount of sensitive data from the law firm. The attackers have disclosed that they have accessed 268.3 GB of data, encompassing 277,904 files. This includes bills, client information, email details, and case files. Additionally, the attackers have provided screenshots as evidence of their access to the firm's information. Among the stolen data, there is specific mention of current case details and further client information, totaling an additional 61 GB across 33,653 files. This breach poses a severe risk to the confidentiality and integrity of the firm's operations and client trust.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International's ransomware code contains approximately 60% overlap with samples of Hive ransomware version 61, indicating a shared technical lineage. The group's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.
Penetration and Impact
While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in the firm's cybersecurity infrastructure. Given the firm's relatively small size and specialized focus, it may not have had the necessary cybersecurity measures to fend off such a sophisticated attack. The breach has resulted in significant data breaches, financial losses, and reputational damage to the firm.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!