Tuckers – Cyber/Ransomware attack

August 31, 2020

On Sunday 23 August 2020, Tuckers were victim to a significant cyber attack, by an organised criminal group that have previously targeted many small, medium and large companies from around the world, as well as public authorities.  Fortunately, the CaseRatio case and practice management environment developed and maintained by our in-house IT team was resilient to the attack, which means that we have been able to operate largely unaffected.   

The most significant disruption to our systems resulted from the impact to our Microsoft Exchange server, meaning that we lost emails for two days, but those systems are now restored as well. 

The attack has been reported to the National Cyber Crime Unit, the Information Commissioner and the Solicitors Regulation Authority and we are cooperating with all relevant authorities with regards the impact of this attack.  Whilst our live file data has not been compromised, a file server containing predominately archived file data was attacked and we know that some data has been removed from our systems.  It appears that the group responsible have a history of publishing some or all of the stolen data online, in the absence of a significant ransom payment.

Unfortunately for our attackers, targeting a criminal defence firm, with income predominantly from the legal aid sector with a view to extorting money, is something of a fool’s errand.  We have not engaged in any way with the attackers with regards the extent of any ransom that they are seeking – however, we have been advised that this group often values the data it extracts from its victims at between £1m and £10m.  We are not minded to negotiate with a group that have committed a criminal offence to obtain our data, and in any event given we cannot afford to pay any such ransom, we are working on other avenues to mitigate the loss of any data and impact on any individuals – on the basis of advice received by the appropriate authorities.  

 We are monitoring the situation and if we believe any particular individual is affected as a result of this cyber attack, we will seek to contact them directly.