North Carolina law firm notifies 13K people of data breach that compromised SSNs

Yesterday, Mewborn & DeSelms, Attorneys at Law began notifying 12,941 people of a data breach following a cyber attack in April 2024. Ransomware gang BlackSuit claimed an attack on the North Carolina law firm in May 2024.

In its notification, Mewborn & DeSelms states: “On April 2, 2024, Mewborn & DeSelms identified a network disruption and promptly initiated an investigation of the matter.” After employing cybersecurity specialists, the investigation found certain files may have been accessed without authorization. This includes names and Social Security numbers.

As a result of the breach, Mewborn & DeSelms is offering those affected free access to credit monitoring and fraud protection services via Cyberscout (the period of access isn’t disclosed).

In its claim, BlackSuit said it had stolen business data, employee data, financial data, and other data taken from shares and personal folders. Mewborn & DeSelms hasn’t confirmed BlackSuit’s claim or whether a ransom was demanded or paid. Comparitech has contacted the law firm for more information about the nature of this attack and will update this article if it responds.

Mewborn & DeSelms BlackSuit Claim

Who is BlackSuit?

BlackSuit first emerged in April 2023 and is a rebrand of the ransomware group Royal. Since April 2023, we have tracked 60 confirmed attacks by this group and 107 unconfirmed attacks. BlackSuit hasn’t made any claims so far this year and claimed only two victims (both unconfirmed) in December 2024.

Other recently confirmed attacks by this group include three other US organizations: Aiken Housing Authority (hit in June 2024, affecting over 3,100 people), Community High School District 117 (hit in June 2024, affecting 18,830 people), and Effortless Office Enterprises, LLC (hit in July 2024, affecting over 3,100 people).

This is its first and only attack on a company operating in the legal sector, counting both confirmed and unconfirmed attacks.

BlackSuit is a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.

Ransomware attacks on the US legal sector

After tracking 41 attacks on US legal entities in 2023, we noted a drastic dip in 2024 with just 16 confirmed attacks in total. The number of records breached in these attacks was nearly 5.05 million in 2023 and 244,720 in 2024. The average ransom across both years was just over $518,000.

The data breach at Mewborn & DeSelms was the fourth largest by records affected in 2024.

So far this year, there have been no reported ransomware attacks on US legal entities, but other recently confirmed attacks from 2024 include Kronick Moskovitz Tiedemann & Girard (hit by Rhysida in August 2024 with a ransom paid) and Berman & Rabin, P.A. (hit by an attack in July 2024 with 151,944 people affected in the subsequent data breach).

We are tracking 28 unconfirmed attacks on US legal organizations this year so far.

About Mewborn & DeSelms, Attorneys at Law

Christopher L. Mewborn, Attorney, P.A. d/b/a Mewborn & DeSelms, Attorneys at Law is located in Jacksonville, North Carolina. It has been providing a range of legal services to clients in Onslow County and throughout North Carolina for over 25 years.