German Bar Association Investigating Cyberattack on Brussels Office
The German Federal Bar Association (BRAK) is currently investigating a cyberattack on its office in Brussels. The organization, which represents German lawyers nationwide, discovered the attack on August 2. BRAK is an umbrella organization overseeing 28 regional bars across Germany and representing approximately 166,000 lawyers both nationally and internationally.
The attack came to light after the NoEscape ransomware group claimed responsibility for targeting BRAK. This announcement came shortly after BRAK revealed that they were investigating a cyberattack. The organization has not provided further updates on the incident and has instead referred inquiries to its previous news release.
BRAK released a statement stating that they are working with a forensic firm to investigate the ransomware attack on its Brussels office. They have managed to restore access to their email system and are planning to reach out to individuals whose data may have been accessed during the incident.
According to the statement, the attack resulted in a failure of the IT systems at the Brussels office. Once the attack was discovered, all network connections were immediately severed. BRAK is currently collaborating with an external service provider for IT security to conduct a forensic analysis of their IT systems in order to understand the incident and repair any damage caused. They have also reported the incident to the Federal Commissioner for Data Protection and are in contact with Belgian and German law enforcement agencies regarding the attack.
During the cyberattack, the hackers encrypted BRAK’s mail server and exfiltrated approximately 160 gigabytes of data. The extent of the stolen information, particularly involving communications from individuals contacting the Brussels office, is still being determined. However, BRAK is operating under the assumption that some of this information may have been leaked.
While the organization runs a special email service for lawyers, they clarified that this mailbox is on a completely separate system and was not affected by the attack.
BRAK officials have warned the public to be cautious of any emails claiming to be from the organization, especially those requesting bank account information. The ransomware gang, NoEscape, has threatened to leak the stolen data and BRAK recommends vigilance in dealing with emails referencing or purporting to come from them.
The organization is currently preparing to resume normal operations following the incident.
NoEscape, also known as N0_Esc4pe, gained attention in June and July after successfully extorting money from Hawaiʻi Community College in a ransomware attack.
According to cybersecurity expert Allan Liska from Recorded Future, NoEscape was first detected in May when they advertised their services on a cybercriminal forum called RAMP. Liska described NoEscape’s ransomware as unique, as it is not based on previous or stolen source code and is written in C++. The group has already targeted at least six victims, including a hospital in Belgium and manufacturing companies in the US and the Netherlands.