Ransomware Pirates Strike Again: Qilin Claims Law Firm as Latest Victim

In a chilling reminder that no industry is immune from cyber extortion, the ransomware group Qilin has announced a fresh conquest: the prominent law firm Lonich Patton Ehrlich Policastri. The claim, spotted on December 10, 2025, by threat monitoring site ransomware.live, underscores a troubling pattern of attacks against high-value professional services, where sensitive client data is often at stake.

Inside the Attack

Qilin, a ransomware syndicate known for its double extortion tactics, posted Lonich Patton Ehrlich Policastri on its leak site, marking the law firm as its latest victim. While technical details remain scarce, the public naming is itself a high-pressure tactic. Such listings are designed to coerce organizations into paying hefty ransoms by threatening exposure of confidential data, often including sensitive legal documents, client communications, and internal records.

According to data from ransomware.live, the breach was first detected on the same day it was published - December 10, 2025. The site, which tracks ransomware disclosures but does not host or distribute stolen information, serves as an early warning system for the cybersecurity community. Although there is no confirmation yet regarding the volume or nature of the data compromised, the presence of DNS records linked to the victim’s domain suggests that attackers may have gained significant access to the firm’s network infrastructure.

This incident fits a broader trend: law firms and other professional service providers are increasingly targeted due to the high value of their confidential data. Ransomware gangs like Qilin exploit this leverage, knowing that the potential fallout - from legal liability to reputational damage - can pressure victims to capitulate. In recent years, legal practices have become a favorite target not just for the potential financial gain, but for the sheer volume of sensitive information they handle.

While Lonich Patton Ehrlich Policastri has not yet issued a public statement, the attack is a stark reminder for the legal industry to double down on cybersecurity measures. With ransomware groups evolving their tactics and targeting, the need for advanced defense and incident response capabilities has never been more urgent.