Ransomware Attack Disrupts Court Cases and Deadlines TrialWorks


TrialWorks, one of the leading legal case management providers for law firms and lawyers, was attacked earlier this month as a result of a ransomware attack.

During the chaos triggered by this event, attorneys could not access the legal documents held by TrialWorks.

Sharing customer recovery development

TrialWorks initially told its customers of a hosting problem in its data centre. This occurred on 13 October and the email continued that the problem had been resolved and updates would follow.


Outage notice sent by TrialWorks

On the next day, an email provided more information on the cause of the outage by calling ransomware.

“Thank you for your continuing patience in trying to restore access to your data after a ransomware TrialWorks incident,” read the message.


Ransomware notice

TrialWorks told customers to “partner with several top cyber security firms” to fix the disruption and an email later revealed that two cyber security companies helped to investigate and restore systems. Nevertheless, consumers could not access their records for the duration of the process.

After the systems have been secured, they will be progressively brought back online, with limited customer access, until the procedure ends.

It is important to note, that TrialWorks did not publicly notify ransomware customers of the situation by email and how they treated it.

Ransom paid?

Two days after the ransomware hit, on October 15, TrialWorks announced that the systems had been disinfected and team members “actively decrypted and repaired the data,” suggesting that the company has paid the ransom.

For the time being, the ransomware family responsible for the incident remains unknown. This attack, however, parallels one at the end of August, when another group of dentists no longer accessed medical records of patients, because they were encrypted on the Digital Dental Records (DDS) Backup Server.

The fault was REvil / Sodinokibi, a highly profitable ransomware following in the footsteps of the notorious GandCrab.

At least 42 high-profile partners are presently circulating this piece of ransomware carefully selected for their malware distribution and technical skills. Usually, goals are businesses, managed software providers (MSPs) and government bodies. In short, victims who can pay a fat ransom.

Lawyers requesting extensions

Several law firms are forced to ask courts to extend the time period to file reports supporting their cases. This condition has been put in place by at least two such businesses.

A Whittel & Melton management partner in Spring Hill told Miami Herold that one attorney had to demand an extension in order to file a response in a federal case citing the discharge of TrialWorks blocking access to critical records in the case.

It has heard from another situation where a lawyer at a law firm in Woodland Hills, California, had to ask for more time in a different case, because TrialWorks did not give guarantees that access to its case files would be restored prior to the expiration of a filing date.

“We don’t expect our hosting system to be fully operational tomorrow at this time. When milestones are reached, we can communicate by email,’ reads an email received two days before the expiry date.

TrialWorks sent customers daily reports informing them about the current state of remediation.

Some customers announced that they returned to operations on October 17, according to TechBento Business Technology blog.

Nevertheless, others waited until 22 October to access their files:

The explanation for this delay is that, even when the ransom is paid and a decryption key is available, it takes time to recover from a ransomware attack, with the amount of files being recovered being essential in the process.

In an email to a client, Patrice Gimenez, Chief Client Advocate of TrialWorks said the organization has learned its lesson and is “engaged to use all the resources to address the current problem and avoid its occurrence:

“We are not the first, nor will we be the last organization in our industry to be the target of one of these attacks. However, we have learned from this experience and are committed to expend all the resources required to both address this issue head-on and mitigate the chance of a recurrence.”

Throughout 2017, TrialWorks joined Needles, another highly respected supplier of technology for legal case management. Thousands of law firms used its solution at that time.

Both companies were then acquired by Ridge Road Capital Partners and became an Assembly Software holding company in 2019.

The new company has more than 40,000 active users from 2,500 software companies.

While the seller provides a demo and complete pricing quotation on request, a TrialWorks subscription will start at $500 and rise to $1,500 based on selected functionalities.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.