Germany’s national bar association investigating ransomware attack
A bar association representing German lawyers nationwide is investigating a cyberattack on its office in Brussels.
The German Federal Bar (BRAK) Association discovered the attack on August 2. The group is an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally.
On Monday, the NoEscape ransomware group claimed it attacked the organization after BRAK announced last week that it was investigating a cyberattack. The organization did not respond to requests for an update on the situation, instead referring Recorded Future News to last week’s news release.
In the statement, BRAK said it was working with a forensic firm to investigate the ransomware attack on its Brussels office, which was discovered on August 2. It has been able to restore access to its email system and plans to contact anyone who had data accessed during the incident.
“The Brussels office… fell victim to a criminal cyberattack, which led to a failure of the IT systems,” they wrote. Once discovered, “all network connections were immediately severed.”
“BRAK is currently working with an external service provider for IT security on a forensic analysis of the IT systems in order to clarify the incident and repair the damage… BRAK reported the incident to the Federal Commissioner for Data Protection and is in contact with the Belgian police, the Berlin State Criminal Police Office and the Cyber Emergency Response Team of the Belgian Center for Cyber Security,” they added.
The hackers encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data. The organization is still trying to determine how much of the stolen information involves communications from people who contacted the Brussels office. It is operating under the assumption that such information was leaked.
The organization runs a special email service for lawyers but said that mailbox is on a completely separate system.
Officials said the ransomware gang threatened to leak what it stole and that they were told to contact the cybercriminals for more information.
BRAK warned that people should be wary of any emails referencing or purporting to come from the organization — particularly any requests for bank account information.
“The resumption of normal operations is being prepared,” they said.
Recorded Future ransomware expert Allan Liska said previously that NoEscape was first seen in May, when it advertised its services on the cybercriminal forum RAMP. The Record is an independent editorial unit of Recorded Future.
NoEscape’s ransomware is “not based on previous/stolen source code and it is written in C++,” he said.
“Despite being relatively new, they have already hit at least half a dozen victims including a hospital in Belgium, a manufacturing company in the US and another manufacturing company in the Netherlands,” Liska added.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.