Hacking group claims to have stolen 100GB of files from law firm Jones Day that represented Trump

Hackers claim to have stolen files belonging to the global law firm Jones Day and have posted a number of the purported illicitly obtained documents on the dark web.

The firm famously – and controversially – represented former President Donald Trump in several of his unsuccessful attempts to overturn the results of the 2020 election citing unfounded claims of voter fraud.

The hackers, who go by the name Cl0p Ransomware, recently posted several gigabytes of data allegedly belonging to Jones Day on a site where they publicize their infringements, Databreaches.net reported.

‘We hacked their server where they stored data, on attempts to “settle” they responded with silence and we had to upload the data,’ one of the alleged hackers told VICE. ‘We emailed them and they ignored us for over a week. We did not encrypt their network, we only stole the data.’

Jones Day confirmed the hack in a statement to the Wall Street Journal, but denied its own severs had been directly compromised. Instead, the company blamed the breach on Accellion, a company that provides a file sharing system that was hacked earlier this month.

The law firm said it’s currently investigating the incident and will be in discussion with affected clients and appropriate authorities.

Jones Day famously – and controversially – represented former President Donald Trump in several of his unsuccessful attempts to overturn the results of the 2020 election

The hackers, who go by the name Cl0p Ransomware, recently posted what they claim is several gigabytes of data on a site where they advertise their breaches, Databreaches.net reported

The online posting by Cl0p Ransomware includes a few individual documents that are easily accessible to the public. Also included is a memo to a judge marked ‘confidential mediation brief’, and another is a cover letter for enclosed ‘confidential documents’.

The authenticity of the documents has not yet been confirmed by Jones Day.

According to WSJ, dozens of others files also purported to belong to the law firm were posted by Clop on the dark web.

The hackers are reportedly offering 20 caches related to Jones Day, which range from 1.54GB in size, up to 4.5GB. One of the caches is marked ‘extracted emails’, according to VICE.

Hackers typically post stolen information on the dark web, or online generally, after the hacked entity fails to pay a set ransom.

Clop Ransomware said Jones Day never responded to their messages about their alleged breach.

‘They didn’t answer us,’ the group said. ‘We invited them to enter our chat, but they were silent.’

The online posting by Cl0p Ransomware includes a few individual documents that are easily accessible to the public. Also included is a memo to a judge marked ‘confidential mediation brief (above)

Another file is a cover letter for enclosed ‘confidential documents’ (shown above)

The hackers, who claim to have more than 100GBs of data in total, said they first reached out to the law firm on February 3, informing them of the breach and telling them data had been stolen.

As of Tuesday, the hackers told WSJ that while still yet to receive a response, they do believe the Jones Day received their messages.

Jones Day, meanwhile, denied it had fallen victim to a direct ransomware attack and instead blamed the breach on Accellion, a company the firm previously used to transfer large files electronically. 

Accellion announced on February 1 that it was the target of a sophisticated attack on December 23. All customers were promptly notified, the company said.

‘The company is conducting a full assessment of the FTA data security incident with an industry-leading cybersecurity forensics firm. We will share more information once this assessment is complete,’ a company spokesperson said.

‘For their protection, we do not comment on specific customers. We are working with all impacted FTA clients to understand and mitigate any impact of this incident, and to migrate them to our modern kiteworks content firewall platform as soon as possible.’   

Despite Jones Day’s protests, the hackers told the Journal that they did hack the firm’s servers directly, and said they weren’t even involved in the Accellion breach.  

Demonstrators hold up signs in front of an inflatable giant rat in the likeness of U. S. President Donald Trump outside the NYC office of Jones Day law Firm on November 13, 2020 in New York City

Law firms have long been considered a prime target for hackers because their files often contain confidential information, including the size of settlements, negotiations about pending deals, and legal strategy that would normally be shielded from public viewing because of attorney-client privilege.

When it comes to Jones Day specifically, the firm is one of the largest in the world and has in excess of 2,500 lawyers on its books globally, and boasts $2 billion in annual revenue.

The firm also has deep ties with the Trump administration, after more than a dozen of its lawyers worked in the White House, including Don McGahn, who served as White House Counsel until 2019.

The company was widely criticized for signing on to help the Trump administration in its efforts to overturn the 2020 election late last year.

The now-embattled Lincoln Project even started a PR campaign against the firm to attempt to force it to withdraw as Trump’s counsel.

But the efforts came in vein, with Jones Day continuing to work with Trump even after Biden’s inauguration.

When asked by VICE what their motivation was for hacking Jones Day to begin with, Clop Ransomwear responded: ‘And what do you think? Financial of course,’ adding a wink-face emoji.