Hackers Begin to Leak Celeb Info as Law Firm Refuses to Pay Ransom
Hackers Demand $42 Million from a law firm saying they’ve sold Trump’s data & Madonna’s is next...
A cybercriminal group known as REvil has said it has managed to sell damaging information on US President Donald Trump, and has threatened that pop star Madonna is next in line, as it attempts to extort a law firm into paying a $42 million ransom after hacking it.
Last week, we reported that a high-profile law firm with a number of celebrity and elite business clients was hit by a ransomware attack, with hackers originally demanding $21 million in exchange for returning the 756GB-worth of files on extremely sensitive celebrity clients.
The law firm in question, Grubman, Shire, Meiselas & Sacks, has since confirmed reports that it was hit by a cyber breach, and said that it had refused the demands of the hackers. REvil, the group responsible for launching the ransomware attack, then doubled the payment demand and released 2GB of data that involved musician Lady Gaga.
Upon posting, REvil wrote that “it seems that GRUBMANS doesn’t care about their clients or it was a mistake to hire a recovery company to help in the negotiations… as we promised, we [published] the first part of the data because the time is up.”
Now the plot is thickening: the REvil group has said it will, within the next few days, begin auctioning information related to Madonna that it managed to steal from the law firm, with a starting price of $1 million.
“Interested people contacted us and agreed to buy all the data about the U.S. president, which we have accumulated over the entire time of our activity… we are pleased with the deal and keep our word,” REvil wrote in a post on the darkweb.
“05/25/2020 we are preparing to auction Madonna data… the rules are the same,” they wrote. “One-handed information, confidentiality of the transaction, we delete our copy of the data, the buyer has the right to do whatever he sees fit with the data received.”
Grubman, Shire, Meiselas & Sacks has said in a statement that “we have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law,” adding that “even when enormous ransoms have been paid, the criminals often leak the documents anyway.”
The firm has also told Rolling Stone that “our elections, our government, and our personal information are under escalating attacks by foreign cybercriminals. Law firms are not immune from this malicious activity,” a spokesperson said. “Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as a ransom. We are
Grubman has said that “the leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others.”
The law firm has also told Bleeping Computer that “unless the FBI determines the ransomware was deployed by a designated terrorist organisation or nation state, the FBI treats ransomware investigations as criminal matters,” meaning a payment wouldn’t be entirely ruled out of the equation.
In that same report, the FBI said that it “encourages victims to not pay a hacker’s extortion demands. The payment of extortion demands encourages continued criminal activity, leads to other victimizations, and can be used to facilitate additional serious crimes.”
“Furthermore, paying a ransom does not guarantee the victim will regain access to their data. The best approach is to focus on defense in depth and have several layers of security as there is no single method to prevent compromise or exploitation,” the agency said.
On the claims regarding President Trump, Brett Callow of Emsisoft said, “whether they had the presidency-destroying information that they claimed to have is something we may never know. But I still think it was probably a bluff,” he told Infosecurity Magazine.