The PolySwarm Blog

Verticals Targeted: Legal Services, Law Firms
Regions Targeted: US, Europe, Israel
Related Threat Actors and Malware: UNC3753, Akira, Qilin, DragonForce, INC, The Gentlemen

Executive Summary

Legal services organizations continue to face elevated cyber risk due to the vast quantities of confidential information they maintain on behalf of clients. Law firms, legal consultancies, title services, and compliance organizations routinely store merger and acquisition plans, litigation records, intellectual property, financial disclosures, personally identifiable information (PII), and privileged communications. Recent activity attributed to UNC3753 highlights a growing trend in which threat actors increasingly prioritize data theft and extortion over traditional ransomware deployment. As cybercriminal groups continue targeting the legal sector for its uniquely valuable information assets, organizations must strengthen both technical and operational defenses to protect client confidentiality, business continuity, and professional reputation.

Verticals Targeted: Aerospace, Manufacturing, Professional Services, Scientific and Technical Services, Retail, Construction, Insurance, Telecommunications, Hospitality, and Legal Services

Executive Summary

Akira ransomware is one of the most prolific ransomware families of 2024. Active in the wild since April 2023, Akira has continued to evolve, maintaining its relevance on the threat landscape.

Related Families: Megazord
Verticals Targeted: Manufacturing, Business Services, Construction, Education, Finance, Legal Services, Retail, Architecture, Engineering and Design, and Investment Banking

Executive Summary

Akira ransomware, active since April 2023, was recently observed targeting Windows and Linux systems.