Cyber Incident Victim: 4 New Square Chambers
Date: Jun 2021
Location: United Kingdom
Summary
A law firm specializing in IT disputes experienced a ransomware attack involving data theft, prompting it to secure a High Court injunction against unidentified perpetrators to prevent the publication or disclosure of stolen information. The order targeted individuals believed responsible for the cyberattack and subsequent extortion attempts, though no stolen data had appeared on known ransomware leak sites at the time of reporting. The incident reflects broader challenges in combating ransomware operations, as such groups typically operate from jurisdictions unresponsive to foreign court orders and employ double-extortion tactics—encrypting data while threatening its release unless paid. The firm’s legal measure highlights the difficulty of deterring criminal actors who routinely target entities globally with minimal repercussions.
Description
On or around June 12, 2021, 4 New Square, a barristers' chambers specializing in IT disputes, suffered a ransomware attack involving data theft. The attackers employed a double-extortion tactic, encrypting the firm's networks and threatening to publish stolen data unless ransom demands were met. The chambers did not disclose the specific type of ransomware used, the scope of compromised systems, or whether data encryption disrupted operations. By late June, no stolen data had appeared on known ransomware leak sites operated by prominent gangs. In response, 4 New Square obtained a civil injunction from the UK High Court on an unspecified date in late June 2021. Mrs Justice Steyn issued the order against "person or persons unknown" responsible for the cyberattack and blackmail attempts, prohibiting them from using, publishing, or disclosing the stolen information. The injunction included a return date of July 9, 2021, for further court proceedings.

The legal action represented an unconventional approach to ransomware response, as the attackers' identities and locations remained unknown, with industry analysis suggesting likely operation from jurisdictions like Russia or North Korea that do not enforce English court orders. The injunction's practical effectiveness was questioned given ransomware gangs' established patterns of ignoring legal sanctions, as evidenced by high-profile attacks on Colonial Pipeline, Ireland's Health Service Executive, and Sol Oriens occurring around the same timeframe without resulting arrests of perpetrators. By July 6, 2021, when the injunction was publicly reported, no 4 New Square data had surfaced on dark web leak sites. The chambers did not disclose whether ransom payments were made, whether decryption tools were obtained, or what specific data was exfiltrated. The incident highlighted the legal challenges of combating transnational ransomware operations through domestic court mechanisms when attackers operate with impunity from hostile foreign territories.
