International law firm Jones Day has been targeted in a ransomware attack and the stolen files were dumped on the internet.

First reported Feb. 13 by DataBreaches.net, the attack is believed to have involved the Clop ransomware gang, the same group behind an attack on German tech giant Software AG in October. Officially Jones Day is claiming that its network was not compromised and that the theft of data involved a file-sharing company that it uses to store files.

Those behind the Clop ransomware argue otherwise, claiming that they had obtained 100 gigabytes of files from servers belonging to Jones Day and have started to publish redacted files as proof of their successful ransomware attack. In the attack on Software AG, Clop had demanded a ransom payment of $20 million in return for a decryption key and a promise not to publish the data they had stolen.

Where the alleged ransomware attack takes an interesting turn is with the suggestion that the attack vector was via a vulnerability in software from Accellion Inc., a Palo Alto-based private cloud solutions company focused on secure file sharing and collaboration. Accellion software was linked to a data breach in which 1.4 million unemployment records were stolen from the Office of the Washington State Auditor Feb. 2. It’s also believed to be the attack vector involved in the recent hacks of the Reserve Bank of New Zealand and the Australian Securities and Investment Commission.

Even if  how files were stolen from Jones Day could be arguable given the law firm’s seeming lack of solid confirmation, data was indeed stolen. The Wall Street Journal reported today that it not only could view some files but also could “see the existence of many more files — mammoth in size — also purported to belong to Jones Day.”

“Like the Solarwinds supply chain attack, the cybercriminals are focusing their attacks on those third parties and service providers that support many customers,” James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “These organizations will want to review and elevate their security programs to ensure they do not suffer a breach, leading to a similar compromise. These attacks damage the organization’s customers and clients, and damage the reputation and possible bottom line for that organization.”

One solution to protect data is to encrypt it before transferring it and protect it from the third-party provider, McQuiggan added. “Upon delivery to the receiver, they would have the key to decrypt and view the data,” he said.

Photo: AngonsticPreachersKid/Wikimedia Commons