Ransomware: incransom claims johndufourlaw.com (US) — Business Services

A new ransomware incident has been publicly reported involving the law firm johndufourlaw.com, based in the United States, under the claim by the ransomware group Incransom. The event was published on the ransomware tracking platform ransomware.live on June 26, 2026. While this specific incident falls outside the EU’s direct jurisdiction, it serves as a critical reminder under the Cyber Resilience Act (CRA) framework that business services, including legal and professional services, are increasingly targeted by ransomware actors. The CRA mandates that digital products and services placed on the EU market must meet strict cybersecurity requirements, and this incident highlights the real-world consequences of inadequate ransomware preparedness.

Organizations affected by this development include any EU-based or EU-market-facing business services firms, particularly those in legal, consulting, and professional advisory sectors. These entities are considered critical under the CRA due to their handling of sensitive client data and reliance on digital tools. The incident underscores that ransomware threats are not limited to large enterprises or critical infrastructure; small and medium-sized law firms and business service providers are equally vulnerable.

Compliance teams should immediately review their incident response and ransomware recovery plans, ensuring alignment with CRA requirements for vulnerability reporting and data breach notification. They should verify that all software and digital services used in their operations have been assessed for known vulnerabilities and that backup and recovery procedures are tested regularly. Additionally, teams should monitor ransomware.live and similar threat intelligence sources for indicators of compromise relevant to their sector, and update their risk assessments to reflect the increased targeting of business services by groups like Incransom.