Editor’s Note: This incredibly unfortunate and highly visible event in the eDiscovery ecosystem highlights a challenge faced by every law firm, corporation, and legal services provider, that being the protection and preservation of data privacy, systems security, and business continuity in the face of nefarious cybersecurity threats.
Update: The website presence of Epiq has returned as of mid-afternoon on Tuesday, March 3, 2020. (EpiqGlobal.com)
Press Announcement from Epiq
Epiq Issues Statement on Unauthorized System Activity
Epiq, a global leader in the legal services industry, today [March 2, 2020] issued the following statement:
On February 29, we detected unauthorized activity on our systems, which has been confirmed as a ransomware attack. As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation.
Our technical team is working closely with world-class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible.
Federal law enforcement authorities have also been informed and are involved in the investigation.
As always, protecting client and employee information is a critical priority for the company. At this time there is no evidence of any unauthorized transfer or misuse or exfiltration of any data in our possession.
Epiq, a global leader in the legal services industry, takes on large-scale, increasingly complex tasks for corporate counsel, law firms, and business professionals with efficiency, clarity, and confidence. Clients rely on Epiq to streamline the administration of business operations, class action and mass tort, court reporting, eDiscovery, regulatory, compliance, restructuring, and bankruptcy matters. Epiq subject-matter experts and technologies create efficiency through expertise and deliver confidence to high-performing clients around the world.
An article extract from Zach Whittaker of TechCrunch
Legal Services Giant Epiq Global Offline After Ransomware Attack
A source with knowledge of the incident but who was not authorized to speak to the media said the ransomware hit the organization’s entire fleet of computers across its 80 global offices. According to an internal communication sent to staff that was obtained by TechCrunch, the law services company said staff should “not go” to their local offices without managerial approval. Staff in offices were advised to avoid connecting any device to the network. The communication also said that staff should “turn off the Wi-Fi on your laptop before entering the parking lot of the building” in an effort to prevent the spread of the ransomware.
Many of the computers were running old versions of Windows, the source said. “Nothing is up to date,” the source said.
The source came forward because, in their words, “we were told not to tell clients anything until we are back in.”
An article extract from Artificial Lawyer
The Epiq Ransomware Attack – A Threat Analyst’s View
This site asked Canada-based threat analyst, Brett Callow, at security company Emsisoft, who has written extensively about attacks on the legal sector before, what he thought this attack meant.
Callow’s first point was that he believes it’s too early to be certain that client data hasn’t been compromised.
A source close to Epiq told this site that ‘no client data had been accessed’, while an official statement added that: ‘There is no evidence of any unauthorized transfer or misuse or exfiltration of any data in our possession.’
From Callow’s perspective saying this with absolute certainty so soon after the initial attack may not be possible.
‘Ransomware incidents should be regarded as data breaches from the get-go. Waiting for several weeks until a forensic analysis is complete gives the criminals too much time to work with any data that was exfiltrated,’ he said.
He explained to Artificial Lawyer that the situation can sometimes be like ‘someone walking into a burglarised home and saying: ‘I don’t think anything has been taken’.’
‘Working out what did or did not happen during a ransomware incident requires a full forensic investigation that can take several weeks,’ he added.
An article extract from Frank Ready of Legaltech News
Epiq Global Takes Systems Offline Following Ransomware Attack
Visitors to Epiq Global’s website on Monday likely received the following message: “Our corporate web site is offline to perform maintenance.” The e-discovery and managed services company took its systems offline on Saturday after detecting “unauthorized activity” that a spokesperson has since confirmed as a ransomware attack. The outage was first reported by legal tech journalist Bob Ambrogi.
The timeline for bringing Epiq’s systems back online is still unclear—which could pose issues to customers with projects to complete.
An article extract from Bob Ambrogi of LawSites
Epiq Global Down As Company Investigates Unauthorized Activity on Systems
Epiq Global, an international e-discovery and managed services company, has taken its systems offline globally after detecting unauthorized activity.
Epiq made the move on Saturday as part of its data security response plan and has brought on a third-party forensics firm to conduct an investigation.
Among the systems taken offline are Epiq’s instances of the Relativity e-discovery software, leaving customers unable to work on review projects they have underway.
- The Intersection of International Law and Cyber Operations: An Interactive Cyber Law Toolkit
- Chinese Military Personnel Charged with Equifax Hacking