An Epiq Ransomware Attack Hits Legal Services Industry Leader

Epiq, a global leader in the legal services industry, today shared that it has taken its systems offline globally to contain the threat of a confirmed ransomware attack. The timeline for the online restoration of the systems remains unclear at the current time.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Editor’s Note: This incredibly unfortunate and highly visible event in the eDiscovery ecosystem highlights a challenge faced by every law firm, corporation, and legal services provider, that being the protection and preservation of data privacy, systems security, and business continuity in the face of nefarious cybersecurity threats.

Update: The website presence of Epiq has returned as of mid-afternoon on Tuesday, March 3, 2020. (EpiqGlobal.com)

Press Announcement from Epiq

Epiq Issues Statement on Unauthorized System Activity

Epiq, a global leader in the legal services industry, today [March 2, 2020] issued the following statement:

On February 29, we detected unauthorized activity on our systems, which has been confirmed as a ransomware attack. As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation.

Our technical team is working closely with world-class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible.

Federal law enforcement authorities have also been informed and are involved in the investigation.

As always, protecting client and employee information is a critical priority for the company. At this time there is no evidence of any unauthorized transfer or misuse or exfiltration of any data in our possession.

About Epiq

Epiq, a global leader in the legal services industry, takes on large-scale, increasingly complex tasks for corporate counsel, law firms, and business professionals with efficiency, clarity, and confidence. Clients rely on Epiq to streamline the administration of business operations, class action and mass tort, court reporting, eDiscovery, regulatory, compliance, restructuring, and bankruptcy matters. Epiq subject-matter experts and technologies create efficiency through expertise and deliver confidence to high-performing clients around the world.

Read the complete release at Epiq Issues Statement on Unauthorized System Activity


An article extract from Zach Whittaker of TechCrunch

Legal Services Giant Epiq Global Offline After Ransomware Attack

A source with knowledge of the incident but who was not authorized to speak to the media said the ransomware hit the organization’s entire fleet of computers across its 80 global offices. According to an internal communication sent to staff that was obtained by TechCrunch, the law services company said staff should “not go” to their local offices without managerial approval. Staff in offices were advised to avoid connecting any device to the network. The communication also said that staff should “turn off the Wi-Fi on your laptop before entering the parking lot of the building” in an effort to prevent the spread of the ransomware.

Many of the computers were running old versions of Windows, the source said. “Nothing is up to date,” the source said.

The source came forward because, in their words, “we were told not to tell clients anything until we are back in.”

Read the complete article at Legal Services Giant Epiq Global Offline After Ransomware Attack


An article extract from Artificial Lawyer

The Epiq Ransomware Attack – A Threat Analyst’s View

This site asked Canada-based threat analyst, Brett Callow, at security company Emsisoft, who has written extensively about attacks on the legal sector before, what he thought this attack meant.

Callow’s first point was that he believes it’s too early to be certain that client data hasn’t been compromised.

A source close to Epiq told this site that ‘no client data had been accessed’, while an official statement added that: ‘There is no evidence of any unauthorized transfer or misuse or exfiltration of any data in our possession.’

From Callow’s perspective saying this with absolute certainty so soon after the initial attack may not be possible.

‘Ransomware incidents should be regarded as data breaches from the get-go. Waiting for several weeks until a forensic analysis is complete gives the criminals too much time to work with any data that was exfiltrated,’ he said.

He explained to Artificial Lawyer that the situation can sometimes be like ‘someone walking into a burglarised home and saying: ‘I don’t think anything has been taken’.’

‘Working out what did or did not happen during a ransomware incident requires a full forensic investigation that can take several weeks,’ he added.

Read the complete article at The Epiq Ransomware Attack – A Threat Analyst’s View


An article extract from Frank Ready of Legaltech News

Epiq Global Takes Systems Offline Following Ransomware Attack

Visitors to Epiq Global’s website on Monday likely received the following message: “Our corporate web site is offline to perform maintenance.” The e-discovery and managed services company took its systems offline on Saturday after detecting “unauthorized activity” that a spokesperson has since confirmed as a ransomware attack. The outage was first reported by legal tech journalist Bob Ambrogi.

The timeline for bringing Epiq’s systems back online is still unclear—which could pose issues to customers with projects to complete.

Read the complete article at Epiq Global Takes Systems Offline Following Ransomware Attack


An article extract from Bob Ambrogi of LawSites

Epiq Global Down As Company Investigates Unauthorized Activity on Systems

Epiq Global, an international e-discovery and managed services company, has taken its systems offline globally after detecting unauthorized activity.

Epiq made the move on Saturday as part of its data security response plan and has brought on a third-party forensics firm to conduct an investigation.

Among the systems taken offline are Epiq’s instances of the Relativity e-discovery software, leaving customers unable to work on review projects they have underway.

Read the complete article at Epiq Global Down As Company Investigates Unauthorized Activity on Systems

Additional Reading

Source: ComplexDiscovery

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.