Cyber Incident Victim: Kapellmann und Partner Rechtsanwälte mbB
Date: Feb 2023
Location: Germany
Summary
Kapellmann und Partner Rechtsanwälte mbB experienced a ransomware attack that blocked IT systems and encrypted company data across all locations in an extortion attempt. While the firm's website and phone systems remained operational, email communications were disrupted, prompting alternative contact methods via landline, mobile phones, or a secure legal electronic mailbox for urgent documents. Immediate protective measures were implemented, with specialists and law enforcement collaborating to analyze the incident and restore data securely. The disruption caused potential service delays, with the organization apologizing for inconveniences and committing to updates through its homepage and social media channels during recovery efforts.
Description
On February 3, 2023, Kapellmann und Partner Rechtsanwälte mbB experienced a ransomware attack that disrupted operations across all its office locations. The attack rendered IT systems inoperable by encrypting corporate data, with the explicit objective of extorting ransom payments from the law firm. Critical business functions were interrupted as threat actors blocked access to internal systems, though the firm’s public-facing website (www.kapellmann.de) and landline telephone infrastructure remained unaffected. Email communications were completely disabled, severing a primary channel for client interactions and internal coordination. The incident triggered an immediate response from Kapellmann’s internal teams, who initiated protective measures to safeguard remaining data assets while specialists began forensic analysis. Operational continuity was partially maintained through alternative communication methods, with attorneys and staff available via landline and mobile phones as documented in existing client records.

Kapellmann mobilized specialized cybersecurity personnel and internal staff to assess the breach scope and restore encrypted data within a secure IT environment. The firm formally engaged law enforcement authorities and collaborated with external cyber experts to investigate the attack’s origin and mitigate further risks. Business interruptions caused significant operational delays, with management publicly acknowledging potential service disruptions and apologizing for resultant client inconveniences. Urgent legal document exchanges were rerouted through Germany’s besonderes elektronisches Anwaltspostfach (beA) system or via conventional court channels to maintain critical workflows. Recovery efforts strained organizational resources due to the complexity of data restoration and system remediation processes. Kapellmann committed to providing ongoing incident updates through its website and LinkedIn profile while maintaining transparency regarding restoration timelines. The firm emphasized its prioritization of data recovery and system security throughout the response phase without disclosing specifics regarding ransom demands or negotiation status.
