Anubis Ransomware Group Strikes New Zealand Law Firm, Exposing Sensitive Client Data
In January 2026, Napier-based law firm Langley Twigg fell victim to a cyberattack by the Anubis ransomware group, a Russian-linked ransomware-as-a-service (RaaS) operation first detected in February 2025. The group, known for its aggressive multi-extortion tactics, breached the firm’s systems on January 11, exfiltrating internal records, client documents, and sensitive personal data including employee and client passport scans, financial reports, and property transaction files.
Langley Twigg detected the intrusion through security monitoring tools and immediately took its network offline, engaging digital forensics specialists to contain the breach. While the firm confirmed that data was accessed and copied, the full scope of the exposure remains under investigation. The compromised materials, later published on Anubis’s darknet leak site, include identity documents, settlement statements, and regulatory records, raising concerns about potential identity theft and fraud for affected individuals.
Unlike traditional ransomware attacks that rely solely on file encryption, Anubis employs a multi-extortion strategy, combining data theft with reputational pressure and regulatory threats. The group has previously targeted healthcare and professional services sectors, including a Queensland medical clinic in December 2025, and is known for contacting third parties, such as journalists, to amplify the impact of its leaks.
Langley Twigg has notified New Zealand’s Office of the Privacy Commissioner and Police, both of which are investigating the incident. The firm is working to identify affected clients and assess legal obligations under privacy breach regulations. Meanwhile, the New Zealand Law Society has reinforced cybersecurity guidance for legal practices, emphasizing multi-factor authentication, staff training, and secure backups in response to rising threats.
The attack underscores the growing risk to small and medium-sized enterprises (SMEs), which often lack dedicated cybersecurity teams. Netsafe’s chief online safety officer, Sean Lyons, noted that while some breaches are targeted, others exploit known vulnerabilities in broader campaigns. The incident follows another major breach at ManageMyHealth, a patient portal, highlighting persistent cyber risks for organizations handling financial, identity, and health data.
As investigations continue, the Anubis breach serves as a reminder of the financial, regulatory, and reputational consequences of ransomware attacks, particularly for firms managing sensitive client information.
Langley Twigg Law cybersecurity rating report: https://www.rankiteo.com/company/langley-twigg-law