Law Firm’s Windows Server down in Hong Kong due to Ransomware

Well this one is interesting. I met someone through a trade show 1.5 years ago who is a paralegal in Hong Kong. This individual worked for a law firm in Hong Kong with a primary focus on personal injury law.

The ransomware note left for lawyers in Hong Kong

I mentioned to her that my business offers mitigation services against ransomware, and they brushed me off. Well, good thing our business kept in touch with them over the last several months. On Monday, they reached out and sent us a screenshot with the message:

“What happens?

Your network is encrypted, and currently not operational.

We need only money, after payment we will give you a decryptor for the entire network and you will restore all the data.

>>>> What data stolen?

From your network was stolen sensitive data.

If you do not contact us we will publish all your data in our blog and will send it to the biggest mass media.

>>>> What guarantees?

We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals. We always keep our promises.

>>>>Pay ransom amount contact Email:brenda.williamson.158@mail.ru

>>>>Payment cryptocurrency address USDT-TRC20

>>>>TRRCGWyXvmBMygKuC3Qgn6TfQN1TRqtknM

>>>>payment is completed, send the payment photo to Email: brenda.williamson.158@mail.ru

>>>>payment is completed Send via email we will provide you the programs

Sometimes you will need to wait for our answer because we attack many companies.

we will provide you the programs

Warning! Recovery recommendations.

We strongly recommend you to do not MODIFY or REPAIR your files, that will damage them”

LockBit 3.0, DoNex or Black Basta

The strange part was, they have a Fortinet 100F, but have no login credentials to the device. They haven’t opted for a full assessment yet, but we’re hopeful they will by Monday next week.

This was the equipment. The NAS were undoubtedly compromised as well. I feel this is under-utilized because they have a wonderful server rack, but with a tower server. Very strange.

Their entire server was down, and nobody could access any files. They didn’t have virtualization—a must-have for any business—and their server was running on RAID1 (please, use RAID6!) with an 8TB drive, no domain controller, and no application server. About 65 staff were sitting ducks, completely cut off from client files with no way to work. In a panic, they shut down their entire setup, which took their VoIP system offline, too. No sales, no progress, just a massive payroll burning a hole in this Hong Kong personal injury law firm’s pocket.

I gathered some files and did a quick assessment to check for possible decryptors. After consulting with authorities, we felt we had a solid lead to help decrypt their files. But here’s the weird part: the owner, the principal lawyer, had almost no interest in decryption. First time I’ve seen this! He was so emotional and embarrassed that he blamed everyone—his staff, his team, you name it—except himself. Talk about an unexpected twist, especially when we were making headway.

Anyway, we’ll follow up next Monday to see if this guy’s calmed down. Right now, they’re still sitting ducks, unable to work. He’s talked to a few other companies, and their advice? Wipe all the computers and start over. I find that bizarre—they haven’t even assessed where the attack came from! That’s not good advice in my book.

An incident response team and a 24/7/365 cybersecurity service could’ve prevented this mess or at least minimized the damage.

Cybersecurity services are a must-have for law firms in Hong Kong.

We offer full-cycle Managed IT Services and Cybersecurity protection services for your business in Hong Kong and beyond! Don’t end up being a sitting duck like this guy. Maybe he’ll change his mind after the Labour Day holiday in Hong Kong…

If you’re caught up with ransomware in Hong Kong for your business, don’t give up. There may be help. Or at least seek good advice and pay for an assessment to understand where your leak is from.

Sitting here @ Elephant Grounds Causeway Bay in Hong Kong. I need to do more blogs.
