The attackers appear to have used the NetWalker ransomware, that works only on Windows systems, to encrypt data after gaining access to the company's servers and have posted a number of screenshots of data that they claim is from the firm's systems.
Such screenshots are normally taken within the system that has been breached, in order to demonstrate that they are not secure.
They have said that data would be leaked on their site on the dark web in about seven days unless their ransom demand is met.
The company was set up in 1999 and has offices in Melbourne, Brisbane, Sydney, Perth and India.
|
"It’s no wonder so many top tier law firms, blue-chip companies and government agencies trust us with their highly sensitive and confidential information."
The statement about the incident, issued on Monday. said the compromise had been discovered on Sunday. "We have engaged expert cyber-security advisers, and they and our IT team are actively investigating the incident and responding to it, and working to bring systems back online safely and quickly," Law In Order said.
"We are making progress. However, it is important that we do this methodically and safely as we work to resume normal business operations.
"We are investigating the extent to which information contained in our system, including sensitive personal information, has been affected.
"At this stage we have seen no evidence of data exfiltration nor anything that indicates Law In Order's customers’ networks have been compromised.
"We will work with law enforcement agencies and privacy regulators as required. This year we have seen several high-profile cyber-security incidents impacting Australian companies and public sector entities.
"We will keep you informed as we learn more."
Contacted for comment, veteran ransomware researcher Brett Callow said: "In a recent interview, a person who claimed to be a member of REvil said the group had found companies in the legal sector to be one of the best targets.
"That is probably because they pay more, and pay more frequently, than companies in most other sectors. Given the sensitivity of the data which companies in the legal sector hold, this is, maybe, not particularly surprising."
Callow, who works for the New Zealand-headquartered security shop Emsisoft, added: "Companies faced with a data exfiltration situation have no good options. The fact is, whether they pay or not, they've had a breach and their data is in the hands of cyber criminals.
"All that companies who pay will get is a promise that the stolen data will be destroyed – and ransomware groups have broken that promise on more than one occasion."