Manitoba law firms hit with Maze ransomware

Two unnamed Manitoba law firms have been hit by Maze ransomware, locking up not only office computers but also their cloud backups.

“At this point, we do not know when or if they will ever regain complete access to their kidnapped data,” the Law Society of Manitoba said in a statement. Provincial law societies are the legal profession’s regulators.

The firms have been asked to pay “an enormous ransom” to regain access to client legal files. The statement doesn’t say whether they had cyber insurance, which may cover some or all of a ransom. However, that may be the least of the firms’ worries. The Maze group typically quietly infects one computer, then gains network access to find all computers and servers to pinpoint sensitive data. Then it copies and exfiltrates victims’ data before encrypting it. That way it can threaten to release the data to the public if the ransom isn’t paid. Usually Maze gives victims seven days to comply.

The American web site says Maze released client files of a Texas law firm earlier this year that refused to pay a ransom. Documents included pain diaries from personal injury cases, client fee agreements, health care consent forms and more.

The Manitoba law society said it was notified in the last two weeks of the attacks, which have left the two law firms without access to email, Word, their accounting software, or any of their backups. Documents filed in court wouldn’t be affected, nor would original paper documents held in law firm offices. Both of these would help a law firm re-build its digital files. However, the attack may force lawyers to re-interview witnesses where there are no paper transcripts. Lawyers also wouldn’t be able to access previously scanned and digitized copies of work like affidavits, testimony, statements of claim and statements of defence. Digital copies of documents are vital to law firms because they can be easily searched, saving hours of work.

A Canadian lawyer who asked not to be identified said it’s not uncommon anymore for law firms in this country to be hit by ransomware. “It’s more common today than it was six months ago.” Next to a fire, he agreed, a ransomware attack could be a law firm’s worst nightmare.

“Gone are the days when we work alone on paper,” he said.

Among the problems: Lawyers would lose access to their calendars, meaning they could miss court or regulatory deadlines for filing documents. That could imperil anything from a merger/acquisition to house sales. Fortunately, because of the COVID-19 pandemic, Canadian courts are temporarily closed. (CLARIFICATION: Land registry offices may still be open.)

While law societies across Canada have rules obliging lawyers to protect documents, they typically only suggest best practices for cybersecurity.

In an email, Brett Callow, a British Columbia-based researcher for security firm Emsisoft said the incidents show why IT has to make sure organizations have independent offline backups of data. Network-attached backups can be infected. He also noted ransomware attackers who copy data before encrypting it may not be honourable in keeping their promise to delete what they have stolen in exchange for paying to get decryption keys.

Maze was also responsible for the ransomware attack last December on a Manitoba insurance broker. That led Callow to wonder if data stolen from one company was used to spear phish others, or if the firms shared the same service provider which was hacked.

Law firms are attractive targets because the sensitive client data they hold could mean firms are likely to pay a ransom. According to, Maze claimed responsibility in February for hitting three law firms in South Dakota

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now