GUEST BLOG: Small Texas Law Firm Used in International Cyberattack

25 April 2016 Internet, IT & e-Discovery Blog Blog
Authors: Peter Vogel

My Guest Blogger John Ansbach is General Counsel of General Datatech, L.P. (“GDT”), and John is a seasoned attorney with a broad range of experience developed over more than 18 years of practicing law including as a corporate generalist, his background includes experience in contracts; cyberlaw; intellectual property; real estate; human resources; corporate governance; regulatory and compliance; and, litigation. He’s also developed experience as a legislative advocate and technologist, advocating for GDT and its industry partners in areas relating to cloud and cybersecurity, the Internet of Things (IoT), tax policy and patent reform.

 

SMALL TEXAS LAW FIRM USED IN INTERNATIONAL CYBERATTACK

April 22, 2016

It started a couple of days ago. The folks at the James Shelton law firm in Clarendon, Texas, about 60 miles east of Amarillo, began receiving calls. Thousands of calls from all over the place, including Canada and the U.K.

According to what’s known so far, cybercriminals apparently gained access to and used a law firm email account to email an unknown number of recipients with the subject “lawsuit subpoena.” The subject is company specific, and it asks if the “legal department” has received it yet. The email says the matter is, of course, “urgent,” and it includes a Word document attachment.

Actual email used in the cyberattack, intended to deceive recipients into clicking the attachment and downloading a malware infected payload.

In fact, the email (one was sent to our company here in Dallas) contains malware that is, according to sources, “a variant of Dridex… [It is a] virus [that] relies on macros in MS Office to propagate.”  “Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user.” (emphasis added) (Source: Webopedia).

The law firm’s website now displays a warning banner about the cyberattack.

I spoke with Jim Shelton in Clarendon late this afternoon, who confirmed the attack. Working with his provider, they have disabled the email account and placed a bright red warning  banner on their website directing folks “not to click any links or download any attachments.” Jim told me he was also contacted by the State Bar of Texas, which had received calls about the email.

This attack is a serious one with the potential to cause significant damage and harm to folks who receive it and the companies they work for. If you or anyone you know receives an email like the one posted above, please do not open it and do not click on any attachments. Please do pass along word of this attack so that others might be made aware of and avoid it at all costs.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Authors

Related Services