Law In Order, an Australian supplier of document and digital services to law firms, suffered a ransomware infection over the weekend that is believed to be the Netwalker malware.
The company confirmed the attack in a statement on its website, which it had managed to resurrect by Tuesday evening behind the protection of Cloudflare.
After detecting the attack, Law In Order said it halted many of its business operations and called in cyber security advisers to assist in the investigation and incident response.
“Our priority is to restore systems back online safely and quickly,” the company said in a statement.
“We are making progress, however it is important that we do this methodically and safely as we work to resume normal business operations.”
Law In Order said it had alerted authorities including the Australian Federal Police (AFP) and the Australian Cyber Security Centre (ACSC) to the attack.
The company said it was still working “to understand the scope and details of the incident.”
“This includes the extent to which information has been affected,” it said.
“We are assessing reports that a very small proportion of data on Law In Order’s servers has been exfiltrated and proactively advising customers who may be impacted.
“We have committed to being open and transparent with our customers and will continue to keep them informed as our work progresses.”
The company had earlier said that it had “seen no evidence of data exfiltration”, however it may have been forced to clarify this after online accounts linked to Netwalker posted proof of the ransomware infection, and threatened to publish data online if a ransom was not paid.
iTnews reported in August that Netwalker was earning its criminal operators increasing amounts of extortion money, citing research by security vendor McAfee.
Who is behind Netwalker is not known; however, it operates as a ransomware-as-a-service, meaning ransoms are split between operators and the malware developers who take a cut out of each transaction, McAfee said.