Cyber Incident Victim: Epiq Global

Date: Feb 2020

Location: United States of America

Summary

A legal services provider serving major financial institutions and governments experienced a ransomware attack that forced a global shutdown of its systems to contain the infection. The organization took all systems offline, engaged third-party forensic investigators, and restricted employee access to offices and networks, instructing staff to avoid connecting devices or using Wi-Fi near facilities. Internal communications indicated widespread impact across its international offices, with outdated software potentially exacerbating the incident. While the company stated no evidence of data theft existed, it declined to disclose ransomware specifics, affected system percentages, or whether clients were notified. Operations continued with external expert assistance to restore services securely.

Description

Epiq Global, a major provider of legal services to banks, credit institutions, and governments, experienced a ransomware attack on February 29, 2020. The company confirmed the incident and immediately took its global systems offline to contain the threat, describing this action as part of its comprehensive response plan. It engaged a third-party forensic firm to conduct an independent investigation while its technical team collaborated with external experts to restore systems securely. Publicly, Epiq attributed its website downtime to maintenance, but internal communications obtained by TechCrunch revealed broader operational disruptions. Employees across all 80 global offices were instructed not to enter workplaces without managerial approval and to avoid connecting devices to the network. Staff entering office premises were directed to disable laptop Wi-Fi in parking areas to limit ransomware propagation.

A source familiar with the incident disclosed that the ransomware compromised Epiq’s entire computer fleet, attributing the widespread impact to outdated systems running obsolete Windows versions. The company’s statement asserted no evidence of data theft occurred, though contemporary ransomware trends included data exfiltration prior to encryption, as exemplified by a separate attack on manufacturer Visser that same week. Epiq spokesperson Catherine Ostheimer declined to identify the ransomware variant, specify the percentage of affected data or devices, or verify the authenticity of internal staff directives leaked to TechCrunch. Client notification status remained unconfirmed, though offices remained operational during recovery efforts. Restoration priorities focused on bringing systems back online securely while maintaining business continuity through third-party partnerships.
