Articles
June 9, 2023

HWL Ebsworth refuses to pay ransom for files


Featured image for “HWL Ebsworth refuses to pay ransom for files”

HWL Ebsworth refuses to pay ransom for stolen files

HWL Ebsworth, the largest legal partnership in Australia, has recently suffered a data breach. Hackers infiltrated the firm’s computer systems and accessed highly sensitive client data. The ransomware attackers demanded payment in exchange for the stolen files. However, the firm announced that they would not pay any ransom to the hackers.

Hacking incident details

The hacking incident reportedly occurred towards the end of April 2021. The attackers used a sophisticated form of ransomware called “Sodinokibi” to infiltrate the firm’s computer systems. The ransomware is notoriously difficult to remove once it has taken root. As a result, HWL Ebsworth’s data was effectively held to ransom by the attackers.

Reasoning behind not paying the ransom

Instead of paying the ransom, HWL Ebsworth has opted to take a different approach. The firm has been working hard to restore its computer systems and to repair the damage caused by the attack. They have pledged to provide alternative means for clients to access their services while the system is down to minimize the disruption caused by the incident.

In a statement released by the firm, they claim that paying the ransom would not guarantee the safe return of their data, and could even encourage further attacks. Furthermore, according to Australian law, it is illegal to pay a ransom to a cyber-criminal.

As additional precautionary measures, HWL Ebsworth has notified the Australian Cyber Security Centre (ACSC) and other regulatory bodies about the breach. The firm has also encouraged affected clients to monitor any potentially suspicious activity related to their accounts.

The HWL Ebsworth data breach highlights the importance of maintaining adequate cybersecurity measures in today’s digital world. While this particular incident was unfortunate for the firm and their clients, HWL Ebsworth’s decision not to pay the ransom is a principled stance against cybercrime. By notifying authorities and taking steps to fix the damage done, they are taking responsible actions to protect their clients’ privacy.