Law firm Shook Lin & Bok hit by ransomware attack

SINGAPORE: Law firm Shook Lin & Bok was hit by a ransomware attack in April, it confirmed on Thursday (May 2). 

The incident was discovered on Apr 9 and the law firm said it immediately engaged a cyber security team. Its systems were contained as of 2am on Apr 10, it said in a statement to CNA. 

There is no evidence so far that the firm’s core document management systems, which contain client data, were affected, the statement read.

The firm continues to operate as per usual. It is also working closely with cyber security teams and other specialists to minimise the impact to its clients and stakeholders arising from the “illegal cyber intrusion”. 

According to an article on SuspectFile, which calls itself an independent website focusing on the ransomware phenomenon, Shook Lin & Bok paid a ransom of US$1.4 million in Bitcoin to the Akira ransomware group. 

The group initially demanded a ransom of US$2 million, which was negotiated down after a week, the article said. 

The Cyber Security Agency of Singapore (CSA) said it was aware of the incident and has offered assistance to the law firm.

“The government strongly discourages victims from paying ransom, as there is no guarantee that locked data will be decrypted or that stolen data will not be used for malicious purposes once ransom has been paid,” its spokesperson said in a statement to CNA.

“Threat actors may also see such organisations as soft targets who are willing to pay up, and strike again. Paying also encourages the threat actors to continue their criminal activities and target more victims.”

Shook Lin & Bok did not respond to questions about whether it paid the ransom and how much it paid. CNA understands the firm has made a police report.

“All steps taken thus far in response to the illegal cyber intrusion and steps that we intend to take in future are and will be done with the best interest of our clients and stakeholders at the forefront of our consideration,” it said in its statement. 

Ransomware remains a growing concern in Singapore and around the world, said the CSA spokesperson. 

Organisations should take steps to enhance their posture against ransomware threats, said the spokesperson, urging them to refer to the government’s ransomware portal at go.gov.sg/rwportal for tools and resources.

If hit by ransomware, organisations should report it as soon as possible to the police and CSA’s Singapore Cyber Emergency Response Team, the spokesperson added. 

China’s biggest lender, the Industrial and Commercial Bank of China, paid a ransom last November to the Lockbit ransomware gang. ICBC’s US arm was hit by a ransomware attack that disrupted trades in the US Treasury market. 

The blackout at ICBC's US broker-dealer left it temporarily owing BNY Mellon US$9 billion, an amount many times larger than its net capital.

The hack was so extensive that even corporate email at the firm ceased to function, forcing employees to switch to Google mail, Reuters reported.

Also in November 2023, London-based law firm Allen & Overy suffered a “data incident impacting a small number of storage servers", but its email and document management system was not affected. Lockbit also took credit for the hack. 

In 2023, Lockbit claimed to have hacked a number of high-profile companies, including aerospace giant Boeing and Britain's Royal Mail.