Singapore law firm Shook Lin & Bok suffers cyber attack; it allegedly paid $1.89 million in bitcoins as a ransom

SINGAPORE – Singapore law firm Shook Lin & Bok was hit by a ransomware attack in April, and local authorities are now investigating the incident.

In response to queries from The Straits Times, the company said in a statement that the incident was discovered on April 9 and it immediately hired a cybersecurity team.

The company’s systems were locked at 2 a.m. on April 10 and the incident was reported to the police, the Cyber Security Agency of Singapore (CSA) and the Singapore Personal Data Protection Commission, according to the release.

The firm is working closely with cybersecurity teams and other specialists to minimize the impact on its clients and stakeholders.

So far there is no evidence that the company’s document management systems containing customer data have been affected and the company continues to operate as usual, the statement added.

According to a report by independent website SuspectFile, which primarily publishes about ransomware incidents, the law firm allegedly paid the Akira ransomware group 21.07 bitcoins, spread across three transactions. The amount was equivalent to around US$1.4 million (S$1.89 million) at the time of payment.

When contacted by ST, the company did not respond to questions about whether it had paid any ransom to the group.

Shook Lin & Bok offers services in areas such as banking and finance, capital markets and construction and projects.

The group had initially demanded a payment of $2 million in bitcoin, but the company was able to negotiate to reduce the ransom, according to the report.

The Akira ransomware group began operating in early 2023 and typically demands ransoms of between $200,000 and $4 million to prevent stolen data from being published online, said Leonardo Hutabarat, head of solutions engineering for Asia-Pacific and Japan at IT security company LogRhythm.

The group typically goes after small and medium-sized businesses, which are perceived as easier targets due to weaker cybersecurity systems, he said, adding that it uses tactics such as phishing emails and the exploitation of unpatched software vulnerabilities to infiltrate the systems.

The group uses double or multiple extortion techniques, in which it threatens to leak or sell private and confidential data, while denying victims access to encrypted data or systems, he added.

According to the SuspectFile report, the law firm had allegedly paid the ransom to obtain decryption keys for its ESXi virtualization platform.

The platform works as an operating system that helps organizations create virtual representations of servers, storage, networks and other physical machines, Hutabarat said.

He added that Akira also likely stole corporate data before encrypting the files, which it could use as leverage in extortion attempts.

“The threat the victim faces here is twofold: one, the loss of access to their virtual servers, which affects the continuity of daily operations,” Hutabarat said. “Secondly, the threat of sensitive corporate and customer data being leaked, which can cause reputational damage and financial loss.”

The Akira group previously claimed responsibility for a December 2023 data breach at Nissan Oceania, the regional division of Japanese automaker Nissan.

A CSA spokesperson told ST that the agency is aware of this incident and has offered assistance to the law firm.