S'pore law firm allegedly paid ransom of S$1.89 million after being hit by cyber attack

The claim of a ransom payment was made by an independent website.

Matthias Ang | May 04, 2024, 12:15 PM



Singapore law firm Shook Lin & Bok was targeted in a ransomware attack in April 2024.

It added that it discovered the attack on Apr. 9 and immediately contacted a cyber security team.

The firm's systems were contained by 2am on Apr. 10 and the incident was reported to the police, the Cyber Security Agency (CSA), and the Personal Data Protection Commission Singapore, according to a statement by the law firm that was cited by The Straits Times.

Shook Lin & Bok added that there was no evidence its document management systems, which contain client data have been affected, and it continues to operate as per normal.

In addition, it is working together with cyber security teams and other specialists to reduce the impact on clients and stakeholders to a minimum.

Independent site claims law firm paid US$1.4 million in bitcoin as ransom

Independent website SuspectFile also claimed that Shook Lin & Bok paid a ransom of US$1.4 million (S$1.89 million) in bitcoin to the Akira ransomware group.

The website also alleged that the Akira ransomware group had initially demanded a ransom of US$2 million (S$2.7 million) in bitcoin but the firm was able to negotiate this down.

The ransom was supposedly for the decryption keys to the firm's ESXi virtualisation platforms.

According to an expert quoted by The Straits Times, a ESXI virtualisation platform works as an operating system for firms to create virtual servers and networks, among other physical machines.

The group likely also stole corporate data which it could use in an extortion attempt, said the expert.

This means that the legal firm can be threatened both with a disruption to daily operations and with the leaking of confidential information.

The expert noted that the Akira ransomware group, which began its operations in early 2023, usually targets small and medium-sized businesses as they are seen as having weaker cyber-security.

The group will also threaten to release stolen data online unless it is paid ransoms of between US$200,000 (S$270,000) and US$4 million (S$5.4 million).

Mothership has reached out to Shook Lin & Bok for more information on SuspectFile's claims.

CSA has offered assistance to law firm

In a statement given to CNA, a CSA spokesperson said it is aware of the incident and has offered assistance to the law firm.

The spokesperson also said the government "strongly" discourages the payment of ransoms as there is no guarantee that locked data will be decrypted or that stolen data will not be used for malicious purposes once the ransom has been paid.

The spokesperson added:

"Threat actors may also see such organisations as soft targets who are willing to pay up, and strike again. Paying also encourages the threat actors to continue their criminal activities and target more victims."

Ransomware also remains a growing concern in Singapore and around the world, the spokesperson noted.

The public should refer to the ransomware portal for tools and resources on how to deal with such an issue.

Organisations are also advised to report any ransomware attacks to the police and CSA's Singapore Cyber Emergency Response Team.

Top image via Canva