Prominent Sacramento law firm sues for $1 million after falling prey to ransomware attack

A prominent Sacramento law firm that represents police officers and sheriff’s deputies in the capital region is suing a computer firm for more than $1 million alleging that, after hiring the company to provide cybersecurity, the law firm was hit with a ransomware attack.

The Mastagni Holstedt law firm filed the suit in Sacramento Superior Court this week against Lantech LLC, claiming that because of the cyberattack last year, Mastagni Holstedt was forced to pay a ransom to regain access to its data.

An office manager at Lantech who would not give her name Wednesday morning declined to comment when reached by phone, saying she knew nothing about the suit, which names Lantech, former Lantech owner Terry Berg and backup computer data storage company Acronis Inc.

Lantech did not respond to a subsequent email request for comment, and Acronis denied any responsibility for the cyberattack.

Law firm founder Davis Mastagni also did not respond to a request for comment.

The lawsuit alleges the attack came from a group known as “Black Basta,” a Russian-speaking group first detected in early 2022 that has been blamed for hundreds of ransomware attacks that have resulted in payments of more than $100 million by firms seeking to retrieve data.

“In its first two weeks alone, at least 20 victims were posted to its leak site, a Tor site known as Basta News,” according to a March 2023 “threat profile” by the U.S. Health and Human Services Department’s Office of Information Security. “It exclusively targets large organizations in the construction and manufacturing industries, but was also observed to target other critical infrastructure, including the health and public health sector.

“While primarily targeting organizations within the United States, its operators also expressed interest in attacking other English-speaking countries’ organizations in Australia, Canada, New Zealand, and the United Kingdom. Threat actors that used the ransomware have additionally impacted organizations based in the United States, Germany, Switzerland, Italy, France, and the Netherlands.”

The group has extorted at least $107 million in bitcoin from targets, according to a November report by Reuters news agency.

The Mastagni firm, which includes lawyers handling cases for law enforcement officers accused of disciplinary transgressions or crimes, said in the lawsuit that it retained Lantech after informing the company “of the nature of plaintiff’s business as a law firm and the importance of cybersecurity for its computer network and data.”

Under the terms of the agreement, Lantech “was responsible for the cloud-based backup of plaintiff’s servers and data,” the suit says.

“On February 24, 2023, Plaintiff began to experience connectivity issues when its employees tried to log into the firm’s terminal servers,” the suit says.

The Mastagni firm notified Lantech, which reported that “the problem had been resolved,” but computer network difficulties continued, the suit says.

“On February 26, 2023, plaintiff suffered a major outage of its servers and computer network which resulted in the loss of access to its servers and data,” the suit says. “Plaintiff reported the outage to Lantech and it was ultimately determined that Plaintiff’s cybersecurity, for which Lantech was responsible, was breached and that malicious ransomware had been installed blocking access to plaintiff’s servers and data.

“Thereafter, a ransom demand was made by a group known as Black Basta for plaintiff to recover access to its data.”

The law firm attempted to recover its data through Acronis “but discovered that its data backup had been deleted,” the lawsuit says.

“As a result, plaintiff was unable to restore its computer network with the data backup and eventually was forced to pay a ransom to the hackers to regain access to its data,” the suit says. “Even though defendants Lantech and Berg were aware that plaintiff’s network was experiencing a cybersecurity attack and that plaintiff was concerned about the security of its data, they failed to take steps to prevent the deletion of the cloud-based backup of plaintiff’s data which they had arranged with Acronis.”

In a statement to The Sacramento Bee, Acronis said it was not responsible for the law firm’s computer problems.

“As a cyberprotection company, we take security very seriously,” the company said in an email. “No Acronis systems or networks were compromised.

“Acronis and its partner deny any responsibility for what happened to the law firm’s systems and its data. Our investigation revealed that access credentials may have been compromised outside of our systems and used to delete the firm’s backups and execute a ransomware attack.

“Password protection is the responsibility of the customer. Acronis has not been served with the lawsuit and will not be commenting further on this litigation.”

The suit does not specify the amount of the ransom payment or the manner in which it was paid, but it alleges negligence and breach of contract and seeks more than $1 million in damages.

Because of the cyberattack, Mastagni says in the suit that it “suffered economic losses, including but not limited to be forced to pay a ransom demand to recover its data and access to its servers and network, fees and costs to mitigate the damage, including fees paid to ransom negotiators and computer security consultants to mitigate the loss and to upgrade and repair the damage to plaintiff’s computer network.”