SOMETHING WALKED THE WIRE. THEN LOCKED EVERY DOOR.
A crew called Gunra reportedly spent weeks inside a law firm's network, copying its secrets, before locking the whole place from the inside. How it works, what it costs, and how to keep the ghosts out of your business.
The night every door locked from the inside.
Picture a law firm at the end of a long day. The lights are off, the computers sleep. Out in the wire, something is awake. A crew that calls itself Gunra has been quietly riding the firm's network, learning its shape, copying its secrets. Then, all at once, it strikes. Every file gets a strange new ending. Contracts, client letters, case notes, all scrambled into static. A message glows on the screen: pay us, or we leak everything.
That is a ransomware attack, and reports say it landed on a real firm with real clients. Whatever came through the wire came quietly, learned the building, and waited for a night of its choosing.
// Signal noteThis dispatch is built on public reports from cyber monitoring accounts that a law firm, named in those reports as Cambridge Law Chambers, was hit by the Gunra crew. The claim comes from dark net chatter and remains unconfirmed, so treat the name with care. We use it as a teaching case, because the method behind it is real, documented, and worth knowing.
What ransomware actually is.
Strip away the neon and it is simple. Ransomware is a program a criminal sneaks onto your computers. It does two cruel things. First it makes a copy of your private files and sends them off into the dark. Then it scrambles the originals so you cannot open them, and demands money for the key.
Picture a ghost in your house at 3am. It photocopies every private letter you own, welds every door shut, and slides a note under the front one: pay to come home, then pay again or your letters go up on every screen in the city.
Law firms make a dream target. Their whole trade is holding other people's biggest secrets, and whoever steals those secrets holds enormous leverage. The same logic reaches a builder, a dentist, a shop, anyone with files they would hate to lose or see leaked. Which is most of us.
Five doors a ghost walks through.
Most attacks walk through one of five doors, and none of them needs a genius to open. They need a door left ajar and someone patient enough to find it. Tap each one to see how it gets used, and how to bolt it shut.
A phishing email or text that pretends to be someone you trust, like a supplier, a bank, or your own boss. It asks you to click a link or type your password into a page that looks real but is not. One click can hand a stranger the keys.
The slow part nobody ever sees.
The film version has a hacker tearing through firewalls in seconds. The real one mostly waits. Once inside, the intruder drifts through the wire for days, sometimes weeks, learning where the treasure lives and where the backups sleep. Security people call this the dwell time: the ghost living in your walls before it ever rattles a chain.
Those quiet weeks cut both ways. All that lurking leaves traces, and there is a long window where the ghost can be caught before a single door locks. Good defence lives in that window.
Pay to get in. Pay again to stay quiet.
The older strains simply locked your files and waited. The crews working now, Gunra among them, run a meaner play called double extortion: steal a copy of your data first, then lock you out, so two threats hang over you at once.
The ghost steals your diary, then welds your front door. Demand one: pay to get back into your own house. Demand two: pay again, or we read your diary out to the whole city. Even with a perfect spare key, the diary is still out there.
This is why "we have backups, so we are fine" is only half the shield. A good backup brings your files home, and the stolen copy stays out there in the dark all the same. For a firm holding private client matters, the threat of a leak alone is terrifying, and the crews know it.
How to be too much trouble.
Most of this costs nothing and none of it needs a tech brain. The crews hunt the easiest house on the street and pass hundreds of others on the way, so the whole game is being more trouble than you are worth. Get the first four solid and you have bolted the doors most attacks ever use.
Turn on two-step login
After your password, it asks for a code from your phone. A stolen password becomes a key without a lock.
Keep a backup they cannot reach
One copy kept offline or fully separated, and tested so you know it works. The ransom note loses its teeth.
Update fast
Those nagging updates close the exact holes ghosts crawl through. Switch on automatic updates where you can.
Train eyes on fake messages
Most attacks begin with one click. A simple "does this look right?" habit stops a huge share at the door.
Hand out fewer master keys
Most people do not need admin rights. Fewer all-access accounts means far less a ghost can do with a stolen one.
Shut the open windows
Remote desktop and VPNs are favourite ways in. Protect them with two-step login, and only open them when needed.
Have a "lights out" plan
One page: who to call, how to unplug a machine, where the backups are. Read it once. On the bad night, calm beats clever.
See yourself the way they do
List your websites, logins and old systems facing the internet. Close what you do not need. They scout you first, so scout yourself first.
Four myths that get people hurt.
Truth Small places get hit because they are easier. Most attacks are automated and do not care how big you are, only whether a door is open.
Truth Antivirus helps but misses plenty. Modern ghosts walk straight past it. Two-step login and tested backups matter more than any one tool.
Truth Backups bring files back but cannot un-leak stolen data. And untested backups tend to fail on the one night you need them.
Truth Paying funds the crews, marks you as someone who pays, and never guarantees your files or stops the leak. Prevention is far cheaper.
The house they skip.
The reported hit on this law firm follows the same pattern that keeps coming back, dressed in different neon each time. Behind the handles and the leak sites sit ordinary opportunists, hunting the easiest house on the street.
Strong logins, a tested backup kept off the grid, fast updates, sharp eyes on email, and a one-page plan will carry a small business further than a shelf of pricey tools left switched off. Start anywhere. Being more trouble than the place next door is usually enough.
Signal boosters worth bookmarking
Want to know which of your doors are open?
A short call, no sales script. We look at your setup, tell you which doors are unlocked and which shields to raise first, and we are honest about whether you even need us yet. Real people in Cardiff, replying within a working day or two.
Open a channel.
Reach us however suits you, or send the details below.
Uplink received.
You will get a real reply within a couple of working days. No sequence, no list.