An Epiq Ransomware Attack Hits Legal Services Industry Leader

Epiq, a global leader in the legal services industry, today shared that it has taken its systems offline globally to contain the threat of a confirmed ransomware attack. The timeline for the online restoration of the systems remains unclear at the current time.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Editor’s Note: This incredibly unfortunate and highly visible event in the eDiscovery ecosystem highlights a challenge faced by every law firm, corporation, and legal services provider, that being the protection and preservation of data privacy, systems security, and business continuity in the face of nefarious cybersecurity threats.

Update: The website presence of Epiq has returned as of mid-afternoon on Tuesday, March 3, 2020. (EpiqGlobal.com)

Press Announcement from Epiq

Epiq Issues Statement on Unauthorized System Activity

Epiq, a global leader in the legal services industry, today [March 2, 2020] issued the following statement:

On February 29, we detected unauthorized activity on our systems, which has been confirmed as a ransomware attack. As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation.

Our technical team is working closely with world-class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible.

Federal law enforcement authorities have also been informed and are involved in the investigation.

As always, protecting client and employee information is a critical priority for the company. At this time there is no evidence of any unauthorized transfer or misuse or exfiltration of any data in our possession.

About Epiq

Epiq, a global leader in the legal services industry, takes on large-scale, increasingly complex tasks for corporate counsel, law firms, and business professionals with efficiency, clarity, and confidence. Clients rely on Epiq to streamline the administration of business operations, class action and mass tort, court reporting, eDiscovery, regulatory, compliance, restructuring, and bankruptcy matters. Epiq subject-matter experts and technologies create efficiency through expertise and deliver confidence to high-performing clients around the world.

Read the complete release at Epiq Issues Statement on Unauthorized System Activity


An article extract from Zach Whittaker of TechCrunch

Legal Services Giant Epiq Global Offline After Ransomware Attack

A source with knowledge of the incident but who was not authorized to speak to the media said the ransomware hit the organization’s entire fleet of computers across its 80 global offices. According to an internal communication sent to staff that was obtained by TechCrunch, the law services company said staff should “not go” to their local offices without managerial approval. Staff in offices were advised to avoid connecting any device to the network. The communication also said that staff should “turn off the Wi-Fi on your laptop before entering the parking lot of the building” in an effort to prevent the spread of the ransomware.

Many of the computers were running old versions of Windows, the source said. “Nothing is up to date,” the source said.

The source came forward because, in their words, “we were told not to tell clients anything until we are back in.”

Read the complete article at Legal Services Giant Epiq Global Offline After Ransomware Attack


An article extract from Artificial Lawyer

The Epiq Ransomware Attack – A Threat Analyst’s View

This site asked Canada-based threat analyst, Brett Callow, at security company Emsisoft, who has written extensively about attacks on the legal sector before, what he thought this attack meant.

Callow’s first point was that he believes it’s too early to be certain that client data hasn’t been compromised.

A source close to Epiq told this site that ‘no client data had been accessed’, while an official statement added that: ‘There is no evidence of any unauthorized transfer or misuse or exfiltration of any data in our possession.’

From Callow’s perspective saying this with absolute certainty so soon after the initial attack may not be possible.

‘Ransomware incidents should be regarded as data breaches from the get-go. Waiting for several weeks until a forensic analysis is complete gives the criminals too much time to work with any data that was exfiltrated,’ he said.

He explained to Artificial Lawyer that the situation can sometimes be like ‘someone walking into a burglarised home and saying: ‘I don’t think anything has been taken’.’

‘Working out what did or did not happen during a ransomware incident requires a full forensic investigation that can take several weeks,’ he added.

Read the complete article at The Epiq Ransomware Attack – A Threat Analyst’s View


An article extract from Frank Ready of Legaltech News

Epiq Global Takes Systems Offline Following Ransomware Attack

Visitors to Epiq Global’s website on Monday likely received the following message: “Our corporate web site is offline to perform maintenance.” The e-discovery and managed services company took its systems offline on Saturday after detecting “unauthorized activity” that a spokesperson has since confirmed as a ransomware attack. The outage was first reported by legal tech journalist Bob Ambrogi.

The timeline for bringing Epiq’s systems back online is still unclear—which could pose issues to customers with projects to complete.

Read the complete article at Epiq Global Takes Systems Offline Following Ransomware Attack


An article extract from Bob Ambrogi of LawSites

Epiq Global Down As Company Investigates Unauthorized Activity on Systems

Epiq Global, an international e-discovery and managed services company, has taken its systems offline globally after detecting unauthorized activity.

Epiq made the move on Saturday as part of its data security response plan and has brought on a third-party forensics firm to conduct an investigation.

Among the systems taken offline are Epiq’s instances of the Relativity e-discovery software, leaving customers unable to work on review projects they have underway.

Read the complete article at Epiq Global Down As Company Investigates Unauthorized Activity on Systems

Additional Reading

Source: ComplexDiscovery

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during the last two years with 334 individual responses, the semi-annual eDiscovery Pricing Survey highlights pricing on selected collection, processing, and review tasks. The aggregate results of all surveys as shared in the provided comparative charts may be helpful for understanding pricing and its impact on purchasing behavior on selected services over time.



Access the Results Now!

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

A Pillar of Empowerment? Evaluating and Reviewing GDPR Data Protection

The general view is that two years after it started to...

Connecting the Dots: Considering eDiscovery from Initiators to Ecosystem

From a macro perspective, connecting the dots in eDiscovery is to...

XDD Acquires RVM

According to XDD CEO Bob Polus, “Merging forces with RVM further...

Ipro Acquires NetGovern

According to Dean Brown, CEO at Ipro Tech, “We are thrilled...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during...

A Pandemeconomic Indicator? Summer 2020 eDiscovery Pricing Survey Results

Based on the complexity of data and legal discovery, it is...

COVID-19 Constrained? The Impact of Six Issues on the Business of eDiscovery

In the spring of 2020, 51.2% of respondents viewed budgetary constraints...

A Cause to Pause? eDiscovery Operational Metrics in the Spring of 2020

In the spring of 2020, 150 eDiscovery Business Confidence Survey participants...

XDD Acquires RVM

According to XDD CEO Bob Polus, “Merging forces with RVM further...

Ipro Acquires NetGovern

According to Dean Brown, CEO at Ipro Tech, “We are thrilled...

Morae Acquires Legal Management Consultancy Janders Dean

According to Janders Dean founder Justin North, "Now more than ever,...

eDiscovery Mergers, Acquisitions, and Investments in Q2 2020

From UnitedLex to Onna, ComplexDiscovery findings, data points, and tracking information...

Five Great Reads on eDiscovery for June 2020

From collection market size updates to cloud outsourcing guidelines, the June...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

Five Great Reads on eDiscovery for April 2020

From business confidence to the boom of Zoom, the April 2020...

Five Great Reads on Data Discovery and Legal Discovery for March 2020

From business continuity considerations to cybersecurity attacks, the March 2020 edition...