BakerHostetler: Annual Data Security Report Shows Increase in Attacks Against Law Firms

Ransomware Attacks on Law Firms Surge in 2025, Fueled by AI and Sophisticated Tactics

BakerHostetler’s 2026 Data Security Incident Response (DSIR) Report, released on March 26, 2026, reveals a sharp escalation in ransomware attacks targeting law firms, with incidents nearly doubling over the previous year. The report, based on data from 2025, highlights law firms as prime targets due to their troves of sensitive client data, making them vulnerable to extortion and financial fraud.

Key findings from the report include:

  • Attack Vectors: Phishing remained the leading entry point (nearly one-third of breaches), while 25% involved third-party vendors. Outdated or insufficient endpoint detection and response (EDR) systems accounted for 21% of intrusions.
  • Tactics: Attackers employed data exfiltration for blackmail, encryption to lock victims out, and email hijacking to expand phishing operations. Wire fraud alone siphoned over $15 million in 2025, with only 27% recovered.
  • Ransom Demands: The average initial demand surged 70% to $4.2 million, while actual payouts averaged $683,000, a 34% increase. Negotiations typically lasted 20 to 60 days.
  • AI Exploitation: Cybercriminals leveraged AI to accelerate attacks, while "Shadow AI" (unauthorized generative AI tools used by employees) created new vulnerabilities by exposing sensitive data to services outside the firm's control.
  • Notable Threat Actors: The extortion group Chatty Spider (also known as Luna Moth or Silent Ransom Group) combined social engineering with direct calls to attorneys, impersonating IT staff to gain access. Demands ranged from $500,000 to $21 million, with payouts averaging $450,000.

The report underscores the growing sophistication of ransomware operations, with law firms facing heightened risks of data breaches, contractual violations, and ethical repercussions. Despite 19 states adopting data privacy laws by early 2026, law enforcement continues to lag behind cybercriminals, leaving firms to bolster their defenses independently.

Source: https://www.findlaw.com/legalblogs/practice-of-law/annual-data-security-report-shows-increase-in-attacks-against-law-firms/

BakerHostetler cybersecurity rating report: https://www.rankiteo.com/company/bakerhostetler

"id": "BAK1774931036",
"linkid": "bakerhostetler",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Legal', 'type': 'Law firms'}],
 'attack_vector': ['Phishing',
                   'Third-party vendors',
                   'Outdated/insufficient EDR systems'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive client data'},
 'date_publicly_disclosed': '2026-03-26',
 'description': 'BakerHostetler’s 2026 Data Security Incident Response (DSIR) '
                'Report reveals a sharp escalation in ransomware attacks '
                'targeting law firms in 2025, with incidents nearly doubling '
                'over the previous year. Law firms were prime targets due to '
                'their sensitive client data, making them vulnerable to '
                'extortion and financial fraud. Attackers used phishing, '
                'third-party vendors, and outdated EDR systems as entry '
                'points, employing data exfiltration, encryption, and email '
                'hijacking. AI was leveraged to accelerate attacks, while '
                "'Shadow AI' tools created new vulnerabilities. Notable threat "
                'actors included Chatty Spider (Luna Moth/Silent Ransom Group).'
 'impact': {'brand_reputation_impact': 'Contractual violations, ethical '
                                       'repercussions',
            'data_compromised': 'Sensitive client data',
            'financial_loss': '$15 million (wire fraud alone, 27% recovered)'},
 'lessons_learned': 'Law firms face heightened risks of data breaches, '
                    'contractual violations, and ethical repercussions due to '
                    'sophisticated ransomware tactics. AI exploitation and '
                    "'Shadow AI' tools create new vulnerabilities. Law "
                    'enforcement lags behind cybercriminals, necessitating '
                    'independent defense bolstering.',
 'motivation': ['Extortion', 'Financial fraud', 'Data theft'],
 'post_incident_analysis': {'root_causes': ['Phishing',
                                            'Third-party vendors',
                                            'Outdated EDR systems',
                                            'Shadow AI tools']},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_demanded': '$4.2 million (average initial demand), '
                                   '$500,000 to $21 million (Chatty Spider)',
                'ransom_paid': '$683,000 (average), $450,000 (Chatty Spider)',
                'ransomware_strain': 'Chatty Spider (Luna Moth/Silent '
                                     'Ransom Group)'},
 'references': [{'date_accessed': '2026-03-26',
                 'source': 'BakerHostetler’s 2026 Data Security Incident '
                           'Response (DSIR) Report'}],
 'threat_actor': 'Chatty Spider (Luna Moth/Silent Ransom Group)',
 'title': 'Ransomware Attacks on Law Firms Surge in 2025, Fueled by AI and '
          'Sophisticated Tactics',
 'type': 'Ransomware',
 'vulnerability_exploited': ['Insufficient endpoint detection and response '
                             '(EDR)',
                             'Shadow AI (unauthorized generative AI tools)']}