High Unverified

Galliher Law Firm Ransomware Claim by DragonForce (Apr 2026)

Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.

Leak Site Screenshot

Leak site post claiming The Galliher Law Firm data breach

Screenshot captured at time of discovery. Image blurred to protect victim PII.


Claim Summary

On April 22, 2026, the ransomware group DragonForce allegedly added The Galliher Law Firm to their dark web leak site. The group claims to have compromised the firm’s network and exfiltrated sensitive data. The Galliher Law Firm, based in Las Vegas, Nevada, specializes in personal injury law and has been operating since 1974. According to the threat actor’s post, the firm provides legal representation for car accidents, medical malpractice, and wrongful death cases. The volume of data allegedly stolen has not been disclosed. This report is based solely on the group’s unverified claims.

Threat Actor Profile

DragonForce is a ransomware group with a known track record of 431 victims across various sectors. The group’s operational history suggests a moderate level of credibility, though they have been known to exaggerate or repost old data. Their known toolset includes:

  • Mimikatz: For credential dumping and lateral movement.
  • Advanced IP Scanner: For network reconnaissance and asset discovery.
  • PingCastle: An Active Directory security auditing tool, used here to identify privilege escalation paths.
  • SoftPerfect NetScan: For network scanning and service enumeration.

DragonForce typically employs double extortion tactics: encrypting systems while exfiltrating data to pressure victims into payment. No public YARA rules or specific detection guidance for DragonForce is currently available, but organizations should monitor for the use of these tools in their environments.

Alleged Data Exposure

The group claims to have accessed the firm’s internal systems, but no specific data types or volumes have been disclosed. Based on the firm’s description of handling personal injury cases, potential data at risk could include:

  • Client personal information (names, addresses, phone numbers, Social Security numbers).
  • Medical records and treatment histories.
  • Case details, including accident reports and settlement negotiations.
  • Financial information related to claims and compensation.
  • Employee records and internal communications.

Without confirmation from the firm or independent verification, the extent of the breach remains speculative.

Potential Impact

If the claims are accurate, the consequences could be severe:

  • Client Privacy Violations: Exposure of sensitive medical and legal data could lead to identity theft, fraud, or reputational harm for clients.
  • Regulatory Penalties: The firm may face fines under HIPAA (if medical data is involved) or state data breach notification laws.
  • Litigation Risk: Clients could file class-action lawsuits for failure to protect their data.
  • Operational Disruption: Ransomware encryption could disrupt case management, billing, and client communications.
  • Reputational Damage: Trust in the firm’s ability to safeguard confidential information may be eroded.

What to Watch For

  • Official Statement: Monitor The Galliher Law Firm’s website and public channels for a breach notification or denial of the claims.
  • Data Dumps: DragonForce may release samples or full datasets to pressure the firm. Do not access or share any leaked data.
  • Phishing Campaigns: Threat actors may use stolen data to target clients or employees with social engineering attacks.
  • Regulatory Filings: Check state attorney general offices for breach notifications.

Disclaimer

This report is based on unverified claims posted by the DragonForce ransomware group on their dark web leak site. Yazoul Security has not independently verified the accuracy of these claims, the extent of the alleged breach, or the authenticity of the data. Ransomware groups frequently exaggerate or fabricate claims to pressure victims. Organizations should not take action based solely on this information without further verification. No PII, download links, or access methods are provided in this report.
