Law Firms in the Crosshairs: Worldleaks Strikes Roose Ressler & Green Co in Latest Data Extortion Wave

In a chilling reminder of the legal sector’s vulnerability, cyber extortion gang Worldleaks has claimed responsibility for a fresh attack on Roose Ressler & Green Co, a prominent law firm. The breach, publicly indexed by ransomware.live on December 16, 2025, marks yet another escalation in the ongoing cyber offensive targeting sensitive legal data. As the digital shadows lengthen, law firms are finding themselves squarely in the sights of increasingly brazen ransomware groups.

Fast Facts

• Roose Ressler & Green Co listed as a new victim by Worldleaks on December 16, 2025.
• The targeted attack is part of a broader trend of ransomware assaults on law firms.
• DNS records for the victim’s domain were exposed in the leak announcement.
• Other recent victims include Smith Hawks, also claimed by Worldleaks.
• No stolen content was directly distributed by ransomware.live; only metadata and public information were indexed.

Inside the Breach: What We Know

Worldleaks, a notorious data extortion collective, has added Roose Ressler & Green Co to its leak portfolio - an event first detected and indexed by ransomware.live. While the specifics of the stolen data remain undisclosed, the group's modus operandi typically involves exfiltrating confidential documents and threatening public release unless hefty ransoms are paid.

The legal industry is an increasingly attractive target for ransomware gangs. Law firms often hold troves of sensitive information, from personal client records to privileged corporate documents. The exposure of DNS records in the leak announcement hints at the group’s intent to demonstrate access to internal infrastructure - an intimidation tactic designed to pressure victims into negotiations.

Roose Ressler & Green Co is not alone. On the same day, Smith Hawks - another legal entity - was listed as a Worldleaks victim, suggesting a coordinated campaign against firms with high-value data. The attack follows a broader pattern: cybercriminals exploiting weak points in digital defenses, then leveraging the threat of public shaming and data exposure for financial gain.

Ransomware.live, the site indexing these disclosures, maintains a strict policy of not hosting or distributing stolen data. Instead, it serves as a public ledger of incidents, using only information already made visible by threat actors. This transparency supports research and awareness, but also starkly illustrates the scale and frequency of attacks on critical professional services.

The Bigger Picture

The legal world, once insulated by tradition and discretion, now faces a digital reckoning. As cyber extortion groups refine their strategies, the question for law firms is no longer if, but when, they will become targets. The latest attack on Roose Ressler & Green Co is a warning shot - a call for urgent investment in cyber resilience, and a sober reminder that even the most privileged information is only as secure as the networks that guard it.

WIKICROOK

• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Data Exfiltration: Data exfiltration is the unauthorized transfer of sensitive data from a victim’s system to an attacker’s control, often for malicious purposes.
• DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.
• Leak Site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.
• Extortion Group: An extortion group is a cybercriminal organization that steals sensitive data and demands payment, often in cryptocurrency, to prevent its release or sale.