Law Firm With Vast Celebrity Data Hit By Ransomware Attack
A New York-based law firm is in damage control after hackers launched a successful cyberattack and are holding massive amounts of data to ransom, threatening to release private information belonging to celebrity clients unless the fee is paid.
It’s unknown whether Grubman, Shire, Meiselas & Sacks, the law firm with celebrity clients like Madonna, Elton John, David Letterman, Robert DeNiro, Christina Aguilera and John Mellencamp, has agreed to pay the hackers’ ransom.
The firm also has elite-level business clients like Sony, HBO, Facebook, Activision, iHeartMedia, IMAX, Vice Media and sports stars like LeBron James, Carmelo Anthony and Colin Kaepernick.
Grubman, Shire, Meiselas & Sacks has yet to comment publicly on the matter; however, reports have been circulating that nearly 1TB of private data is being held to ransom after hackers successfully launched a ransomware attack.
At the time of publishing, the firm’s website remains offline.
According to a report from Infosecurity Magazine, “cyber-thieves claim to have used REvil ransomware (also known as Sodinokibi) to steal 756GB of data that includes contracts, telephone numbers, email addresses, personal correspondence, and non-disclosure agreements.”
The hackers involved have warned Grubman that they will publish the entirety of the data online in nine separate releases unless the law firm pays the full ransom in the cryptocurrency Bitcoin. So far, they have released two private documents signed by Madonna’s tour agent on the dark web to back their claims.
Brett Callow, a security researcher at Emsisoft, has said that the release of Madonna’s documents was “simply a warning shot,” signaling that the hackers mean business. “It’s the equivalent of a kidnapper sending a pinky finger,” he said.
It’s believed that REvil, a cybercriminal group widely credited with the ransomware attack on currency exchange giant Travelex, is responsible for the latest attack on the law firm.
In the Travelex ransomware attack, REvil held the company’s systems to a £4.8 million ransom on New Year’s Eve of 2019. This attack had widespread ramifications, as large banks like RBS, Barclays, Natwest and HSBC were at the time using Travelex’s services for their clients. Travelex ultimately paid $2.3 million to recover what was left of their files after a hacker granted them access once again.
Other high-profile companies and celebrities believed to be implicated in the scandal include Samsung Electronics, MTV, the NBA, The Weeknd, KISS, Sloane Stephens, Nicki Minaj, Mariah Carey, Mary J. Blige, Bruce Springsteen, Lady Gaga, Jessica Simpson and Priyanka Chopra, as well as Outkast and prolific hip hop group, Run-DMC.
Emsisoft’s Brett Callow continued to explain that “data exfiltration cases represent a serious risk to law firms’ clients. The stolen information can be used for blackmail, spear phishing or sold to other criminals on the dark web.”
“It’s not only bad news for the firm; it also puts the clients whose data has been exposed at risk of blackmail, spear phishing, identity theft and other types of fraud.”
Callow continued to explain that “this is not the first incident of its kind; other law firms have had their data, and their clients’ data, exfiltrated on either the clear or the dark web and each incident resulted in extremely sensitive data being exposed.”
He added that the vast majority of ransomware attacks have in the past succeeded because organisations are lacking in the most basic of security protocols to keep third parties at bay.
“This is not acceptable, and especially in the case of organisations such as law firms and healthcare providers which handle extremely sensitive information… bottom line: both public and private sector organisations need to do more to protect the data with which they are entrusted.”
Sudais Asif of HackRead writes that “from previous attacks of the ransomware on organisations such as Brooks International and National Association of Eating Disorders where the data was indeed published online due to the refusal of payment by these firms.”
“Hence, as the FBI suggests, it would be in the best interest of Grubman Shire to pay up seeing the massive opportunity cost at stake. Moreover, they should increase their security by implementing best practices like external audits to win back the trust of their customers and continue functioning with the same prestige,” Asif concluded.
A report from Variety shows that “in 2019, at least 966 healthcare providers, government agencies and educational institutions in the U.S. were targeted by ransomware attacks at a potential cost of more than $7.5 billion.”