Ransomware Operators Threaten to Leak Celebrities' Data If They Don't Receive $42 Million

REvil Ransomware Hits a Law Firm

Last week, news broke of a ransomware attack against Grubman Shire Meiselas & Sacks, a law firm that works with a number of A-list celebrities like Lady Gaga, Madonna, Bruce Springsteen, U2, etc. Normally, the law firm's clients wouldn't be that concerned in such a situation. They'd obviously hope that no sensitive documents are lost because of the attack, but strictly speaking, the incident wouldn't be their problem. This time, however, things are a bit different.

Grubman Shire Meiselas & Sacks was hit by the REvil ransomware

The ransomware strain that hit Grubman Shire Meiselas & Sacks is called REvil. Also known as Sodinokibi, REvil is famous for being one of the ransomware threats that steal data from victims in addition to encrypting it. Even when REvil victims manage to restore their encrypted files from a backup, the crooks threaten to leak the stolen data unless a ransom is paid. They apparently reckon that in some cases the exposed data could cause so much damage that the victim would have no other option but to pay. But has it worked?

We have yet to hear a victim admit that it has paid the REvil operators to keep the stolen data under wraps, but then again, this is hardly something companies would brag about. One thing is for sure: Grubman Shire Meiselas & Sacks has no intention of yielding to the extortion attempts.

Hackers ask for $42 million to keep the stolen data private

REvil's operators said that they'd stolen quite a lot of data related to a long list of celebrities. It includes contact details like phone numbers and email addresses as well as legal documents like contracts and non-disclosure agreements. They apparently thought that Grubman Shire Meiselas & Sacks would be pretty keen on keeping the whole incident away from the public eye, and they asked for an enormous ransom – a whopping $21 million. According to ZDNet, however, the negotiations fell through spectacularly.

Apparently, the cybercriminals received an offer of $365 thousand, which they found offensive. The ransom demand was doubled to $42 million, and the criminal gang threatened that if the law firm doesn't pay up, many of its VIP clients will end up in tears. Grubman Shire Meiselas & Sacks, however, won't budge. In a statement, the firm said that it has no intention of negotiating with terrorists. In response, the hackers issued more threats.

REvil's operators claim to have Donald Trump's "dirty laundry"

On its website, the REvil gang urged none other than Donald Trump to tell Grubman Shire Meiselas & Sacks that paying the ransom is a good idea. Apparently, a successful end to the negotiations is in President Trump's own interest because the hackers claim to have "a ton of dirty laundry" associated with him. The information is so embarrassing for the current US president that it could allegedly alter the outcome of this year's elections.

It sounds like a serious threat, but how real is it?

The threats aimed at Donald Trump might not be real, but the hackers definitely have some private data at their disposal

According to Page Six, the hackers are bluffing. Sources told the celebrity news site that Donald Trump has never used the services of Grubman Shire Meiselas & Sacks, which means that the hackers are unlikely to have stolen data connected to the president from the law firm.

It looks like dragging Donald Trump into the incident was nothing more than an attempt to draw more attention. That being said, the rest of the threats could very well materialize. The REvil gang has already published some contracts signed by Madonna and Lady Gaga, and the screenshots they shared suggest that they have a lot more data at their disposal.

Quite a lot of VIPs are involved, and it will be interesting to see how the negotiations will pan out. Whatever the outcome, REvil has once again proven itself as one of the most formidable names on the ransomware scene.

May 18, 2020
