The LockBit cybercrime group claims to have launched a successful cyberattack against Sagardoy Abogados, one of Spain’s most important labor law firms. in a statement published on its website deep web This Friday, the gang threatens to release confidential information stolen from the firm if their demands that they not be released are met. LockBit gives Sagardoy nine days before the data leak begins.
LockBit is an international cybercriminal group that has been active for several years. Since September, they have been introducing themselves as “LockBit 3.0” in reference to the third update of the software they use to carry out the attacks. It is based on stealing information from companies and organizations in order to later try to extort them by threatening to release confidential files.
The gang also starts attacking Ransomware, an infection that hijacks the victim’s computer systems and paralyzes their activity. One of LockBit’s latest cyber attacks against large organizations followed this modus operandi. It was carried out against Royal Mail, the British postal service, on January 10. The gang has leaked 44 gigabytes of the organization’s confidential information and is threatening to release more unless they receive payment. 66 million pounds (€80 million), which the Royal Mail refuses to implement. The British postal service has experienced major disruptions, particularly to international shipments, until 23 February.
Sources at Sagardoy Abogados assured elDiario.es that the firm is already in contact with the security forces and cyber security specialists and they are confident that the incident will be “resolved in a short time”. Sagardoy has also notified the Spanish Data Protection Agency of the potential data breach and will notify its clients of the incident.
Sagardoy Abogados is one of the most important labor law firms in Spain. They piloted Coca-Cola’s ERE, which was eventually struck down by the justices. One of its most high-profile lawyers took responsibility for defending Deliveroo’s labor model in 2018 when the Labor Inspectorate launched an investigation into the company for employing bogus self-employed workers. The dispute reached the Supreme Court, which ruled that the company’s distributors were falsely self-employed.
This cyber attack is the second confirmed incident suffered by Spanish organizations in less than a week. Last week, the computer systems of the Hospital Clinic in Barcelona became the victim of another attack Ransomware which paralyzed a large part of his activities. By this Friday, the clinic has already managed 90% of complex surgical activity, 40% of less complex and 70% of external consultations. However, services such as radiotherapy remain paralyzed.
The perpetrators of the cyberattack on the health center are demanding $4.5 million in exchange for restoring access to their systems, the Generalitat announced this Friday. Government spokespeople insist they won’t pay “a single cent”.
Source: El Diario