Casepoint offers legal advice for governmental organizations, businesses, and law firms in litigation, investigations, and compliance. The company has a number of well-known clients, including the U.S. Department of Defense (DoD), Marriott Hotels, the Securities and Exchange Commission (SEC), the U.S. Courts, and the Mayo Clinic.
Vishal Rajpara, the CTO and co-founder of Casepoint, released a statement in which he declined to confirm but otherwise did not seem to refute rumors that the ALPHV ransomware gang was responsible for the attack. BlackCat, the Russia-based ransomware gang claims to have stolen two terabytes of confidential data from Casepoint, which included data from the US government and “many other things you have tried so hard to keep,” the gang stated.
Some of the data stolen, according to TechCrunch, included private information from a Georgia-based hospital, a legal document, a state-sponsored ID and an internal document apparently issued by the FBI. However, the FBI is yet to confirm the allegations made by TechCrunch.
Following Casepoint’s acknowledgment of the investigation, ALPHV updated on the issue in a statement published on May 31. The firm also shared what seems to be the login details for the company’s software.
Rajpara published a statement on the issue, saying “Casepoint remains fully operational and have experienced no disruption to our services[…]the third-party forensic firm that we have engaged is currently running scans and deploying advanced endpoint detection monitoring tools and will be looking for signs of suspicious activity.” “We are early on in our investigation and are committed to keeping our clients informed as we learn more.”
However, Rajpara declined to comment on whether the business has technological resources to identify the data that was accessed or exfiltrated or whether it has been contacted by the ALPV ransomware organization with any communications, such as a ransom demand.
ALPHV Gang
The ALPHV gang has previously claimed to have attacked NextGen Healthcare, a U.S.-based maker of electronic health record software, and Ring, a video surveillance firm owned by Amazon. Despite the hackers' denials that they were connected to the gang, data obtained from Western Digital was also hosted on ALPHV's leak site.
Some other known victims of the ALPHV gang include Bandai Namco, Swissport, and the Munster Technological University in Ireland.