Stephen New & Associates Hit by Hunters International Ransomware

Incident Date: Nov 07, 2024

Attack Overview
Victim: Stephen New & Associates
Industry: Law Firms & Legal Services
Location: USA
Attacker: Hunters International
First reported: November 7, 2024

Ransomware Attack on Stephen New & Associates: A Detailed Analysis

Stephen New & Associates, a prominent law firm based in Beckley, West Virginia, has recently fallen victim to a ransomware attack orchestrated by the notorious group Hunters International. This incident underscores the growing threat of ransomware attacks on legal firms, which often handle sensitive client data.

About Stephen New & Associates

Founded in 2004 by Stephen P. New, the firm specializes in personal injury and employment law, boasting a strong track record with over $48 million recovered in personal injury cases and $33 million in employment-related cases. The firm is well-regarded for its commitment to justice and community involvement, emphasizing personalized service and local roots. Because its legal team relies on sensitive client data, the firm is a prime target for cybercriminals.

Attack Overview

Hunters International claims to have infiltrated Stephen New & Associates' systems, exfiltrating 158.5 GB of sensitive data. This breach poses significant risks to client confidentiality and the firm’s operational integrity. The attack highlights vulnerabilities in the firm’s cybersecurity framework, which may have been exploited through phishing campaigns or other sophisticated methods employed by the attackers.

About Hunters International

Emerging in October 2023, Hunters International is a Ransomware-as-a-Service group known for its sophisticated double extortion tactics. The group utilizes code from the defunct Hive ransomware, allowing it to execute complex attacks across various industries. Their malware, developed in Rust, targets both Windows and Linux environments, making it highly adaptable and effective.

Penetration Tactics

Hunters International likely gained access to the firm’s systems through phishing emails or by exploiting remote services. Their use of the SharpRhino Remote Access Trojan and advanced encryption techniques, such as ChaCha20-Poly1305 and RSA-OAEP, makes their attacks particularly challenging to defend against. The group’s ability to bypass advanced security measures, as seen in previous attacks, suggests a high level of sophistication.
