S'pore law firm Shook Lin & Bok hit by cyber attack; allegedly paid S$1.89mil in bitcoin as ransom


SINGAPORE: Singapore law firm Shook Lin & Bok was hit by a ransomware attack in April, and the incident is now under investigation by the local authorities.

In response to queries from The Straits Times, a spokesman for the firm said the incident was discovered on April 9, and the firm immediately engaged a cyber-security team.

He added that the firm’s systems were contained as of 2am on April 10, and that the incident has been reported to the police, Cyber Security Agency of Singapore (CSA), and Personal Data Protection Commission Singapore.

The firm is working closely with cyber-security teams and other specialists to minimise impact on its clients and stakeholders, said the spokesman.

There is no evidence so far that the firm’s document management systems which contain client data were affected, and the firm continues to operate as usual, he added.

According to a report by independent website SuspectFile, which posts primarily about ransomware incidents, the law firm allegedly paid 21.07 bitcoin to the Akira ransomware group, spread across three transactions. The amount was equivalent to around US$1.4 million (S$1.89 million) at the time of payment.

When contacted by ST, the firm did not respond to queries about whether it had paid any ransom to the group.

Shook Lin & Bok offers services in areas such as banking and finance, capital markets, and construction and projects.

The group had initially demanded a payment of US$2 million in bitcoin, but the firm was able to negotiate to lower the ransom, said the report.

The Akira ransomware group began operating in early 2023, and typically demands ransoms between US$200,000 and US$4 million to prevent stolen data from being published online, said Leonardo Hutabarat, head of solutions engineering of Asia-Pacific and Japan at IT security company LogRhythm.

The group usually goes after small and medium-sized businesses, which are perceived as easier targets due to weaker cyber-security systems, he said, adding that it uses tactics such as phishing e-mails and exploiting unpatched software vulnerabilities to infiltrate systems.

The group uses double or multi-extortion techniques, where it threatens to leak or sell private and confidential data while denying victims access to encrypted data or systems, he added.

The law firm had allegedly paid the ransom to obtain decryption keys for its ESXi virtualisation platform, according to SuspectFile’s report.

The platform functions as an operating system which helps organisations create virtual representations of servers, storage, networks, and other physical machines, said Hutabarat.

He added that Akira also likely stole corporate data before encrypting the files, which it could use as leverage in extortion attempts.

“The threat facing the victim here is twofold – one, the loss of access to their virtual servers, which affects the continuity of daily operations,” said Hutabarat. “Two, the threat of confidential corporate and client data being leaked, which may cause reputational damage and financial loss.”

The Akira group has previously claimed responsibility for a December 2023 data breach at Nissan Oceania, the regional division of Japanese automaker Nissan.

A CSA spokesman told ST that the agency is aware of this incident, and has offered assistance to the law firm.

The Government “strongly discourages” victims from paying the ransom as there is no guarantee that locked data will be decrypted, or that stolen data will not be used for malicious purposes once ransom has been paid, said the spokesman.

He added that threat actors may also view such organisations as soft targets who are willing to pay up, and strike again.

He said that paying also encourages the threat actors to continue their criminal activities and target more victims.

“Ransomware remains a growing concern in Singapore, a trend that is mirrored globally,” said the spokesman, adding that it is important for organisations to take steps to enhance their resilience against ransomware threats.

CSA urges the public to refer to the one-stop ransomware portal at go.gov.sg/rwportal for available tools and resources, and advises organisations to report any ransomware attacks to the police and CSA’s Singapore Cyber Emergency Response Team, he said.

Nathan Hall, vice-president of Asia Pacific and Japan at IT services company Pure Storage, said that while ransomware attacks pose risks of significant financial and reputational damage, companies can reduce their chances of a successful attack with the right processes and technology.

Some basics to mitigate damage include performing regular updates, using robust encryption, maintaining vigilant monitoring and having a Zero Trust security model, he added.

The model requires rigorous authentication and authorisation for every connection attempt, and grants users and applications only the minimum amount of access needed to do their required tasks. - The Straits Times/ANN
