Cyber Incident Victim: Seyfarth Shaw LLP

Date: Oct 2020

Location: United States of America

Summary

Seyfarth Shaw LLP experienced a sophisticated ransomware attack that encrypted numerous systems and disrupted email services, though phone systems remained operational. The firm detected unauthorized activity promptly, contained the malware's spread, and initiated precautionary shutdowns of affected infrastructure. While no evidence indicated client or internal data was accessed or exfiltrated, the incident required extensive recovery efforts coordinated with the FBI. The attack coincided with simultaneous attacks on other entities, underscoring its aggressive nature. The organization prioritized restoring services and safeguarding confidential information while maintaining client communication through alternative channels during system restoration.

Description

On October 10, 2020, Seyfarth Shaw LLP experienced a ransomware attack described as sophisticated and aggressive. The firm’s monitoring systems detected unauthorized activity consistent with ransomware, prompting immediate action by its IT team to contain the attack and prevent further spread across its network. The attackers encrypted numerous firm systems, leading Seyfarth to proactively shut down affected infrastructure as a precautionary measure. While the attack disrupted operations, the firm’s initial investigation found no evidence that client or internal data had been accessed or exfiltrated. Seyfarth engaged the FBI to assist in the response and initiated recovery efforts to restore encrypted systems. The incident coincided with attacks on other unspecified entities, suggesting a broader campaign targeting multiple organizations simultaneously.

The ransomware attack significantly impacted Seyfarth’s email systems, which remained offline following the incident, though phone systems continued functioning. To maintain client communication, the firm established an alternative contact form on its website and committed to providing regular updates. Operational disruptions included encrypted systems requiring shutdowns, but the firm prioritized restoring services while safeguarding client confidentiality. Seyfarth publicly disclosed the attack on the same day it occurred, a move that preempted potential reputational damage from threat actors leaking news of the compromise. The notification emphasized ongoing coordination with law enforcement and round-the-clock efforts to recover systems, though it did not specify whether ransomware payments were considered or made. No subsequent data leaks or auctions tied to Seyfarth appeared on ransomware groups' dedicated leak sites (DLS), consistent with other law firms that refused ransom demands in prior incidents.
