31 May 2023

Lawtech platform Casepoint reportedly hit with BlackCat ransomware


Lawtech platform Casepoint reportedly hit with BlackCat ransomware

Casepoint, a legal technology platform used by multiple US government entities, has been added to a list of victims on a dark web data leak website run by Russia-linked ransomware cartel BlackCat (aka ALPHV).

Casepoint is a cloud-based legal discovery platform used by corporations, law firms, and government organizations. The company works with many high-profile clients such as the US Securities and Exchange Commission (SEC), the Department of Defence (DoD), the US National Credit Union Administration (NCUA), hotel operator Marriott, German industrial giant ThyssenKrupp, academic medical center Mayo Clinic, railway operator BNSF Railway, and others.

The group claims to have stolen 2TB of sensitive data from Casepoint. As proof the cybercrooks posted some samples of allegedly stolen information, including what appears to be visa details, a report and a certificate.

The BlackCat ransomware operation first debuted in November 2021 and since then has consistently been listed among the top ten most active ransomware groups. BlackCat was linked to now-defunct BlackMatter/DarkSide ransomware. In 2022, BlackCat affiliates were linked to attempted extortion of entities globally across multiple sectors including education, government, and energy.

In March 2023, the BlackCat group stole sensitive data from data storage devices maker Western Digital and then mocked the company by leaking a series of screenshots of internal emails and video conferences indicating they still had access to WD’s systems while it was dealing with the hack.


Back to the list

Latest Posts

Cyber Security Week in Review: June 14, 2024

Cyber Security Week in Review: June 14, 2024

In brief: Arm warns of actively exploited Mali GPU zero-day, Microsoft delays the release of its AI-powered Recall feature, and more.
14 June 2024
TellYouThePass ransomware weaponizes recently patched PHP flaw

TellYouThePass ransomware weaponizes recently patched PHP flaw

Imperva identified several campaigns exploiting the CVE-2024-4577 vulnerability.
13 June 2024
Ukraine neutralizes bot farms involved in hacking Ukrainian soldiers’ phones

Ukraine neutralizes bot farms involved in hacking Ukrainian soldiers’ phones

Additionally, the bot farm was used to spread Russian fake news.
13 June 2024