Legal Tech Giant Casepoint Falls Victim to BlackCat Ransomware Attack

  1. In a significant cybersecurity incident, Casepoint, a leading legal technology platform, was targeted by the BlackCat ransomware gang, resulting in the theft of over 2 TB of sensitive data, including attorney files and confidential information.
  2. Post-attack, Casepoint initiated robust incident response protocols, engaging an external forensic firm for thorough investigation and using advanced endpoint detection tools to maintain operational continuity and security. The incident highlights the critical need for robust cybersecurity measures across organizations.

Casepoint, a leading litigation technology platform, has been named the latest victim of the notorious ransomware gang, BlackCat, also known as ALPHV. The group has claimed to have stolen over 2 TB of sensitive data from Casepoint, which includes attorney files and other confidential information.

The announcement of the breach was made on BlackCat’s dark web victim blog. The ransomware gang shared a sample of the data that was compromised, which included visa details, a report, and a certificate. This cybersecurity incident poses a significant threat to the privacy and security of Casepoint’s clients and data.

Casepoint is renowned in the legal tech industry, providing services to a diverse range of clients, including prestigious government agencies like the Securities and Exchange Commission (SEC) and the Department of Defense (DoD), as well as esteemed organizations such as the Marriott Hotel chain.

BlackCat operates a ransomware-as-a-service model, making its malware available to other cybercriminals. The group is linked to other infamous ransomware gangs such as REvil, BlackMatter, and DarkSide. It demands ransoms that typically range from $400,000 to $3 million, payable in cryptocurrency. A shocking 90% of BlackCat’s victims reportedly end up paying the ransom, underscoring the severity of the group’s attacks.

Following the attack, Casepoint quickly activated its incident response protocols on May 30. The company has engaged the services of an external forensic firm to thoroughly investigate the cybersecurity incident. Vishal Rajpara, the co-founder and CTO of Casepoint, confirmed the ongoing investigation but refrained from disclosing specific details regarding the incident, as per standard security protocols.

Rajpara acknowledged the claims made by the ransomware gang regarding the theft of data from Casepoint, although he did not confirm whether the attack was carried out by the ALPHV ransomware gang. TechCrunch reported seeing samples of the exfiltrated data, which included sensitive health information from a Georgia-based hospital, a legal document, a government-issued ID, and an internal document allegedly issued by the FBI.

Despite the attack, Casepoint maintains that its operations are fully functional. The company has enlisted the expertise of a third-party forensic firm to employ advanced endpoint detection monitoring tools and perform comprehensive scans for any signs of suspicious activity.