REvil ransomware attack scalps personal data of global celebrities

A hacker group behind the REvil ransomware recently infiltrated the network of media and entertainment law firm Grubman Shire Meiselas & Sacks and stole personal data and contractual information belonging to celebrities like Elton John, Madonna, Nicki Minaj, Bruce Springsteen, Mariah Carey, and Jessica Simpson.

The massive breach took place after the hacker group used the REvil ransomware to infiltrate the law firm's network and stole up to 756GB of data including contracts, nondisclosure agreements, phone numbers, email addresses, music rights, and personal correspondence of a large number of well-known American celebrities.

Researchers at ransomware-focussed cyber security firm Emsisoft told Variety that hackers behind the cyber attack posted a few images on a dark web forum as proof of their exploit and are threatening to release 756GB of stolen data from Grubman Shire Meiselas & Sacks. Images posted by hackers on the forum included “a contract for Madonna’s 2019-20 ‘Madame X’ tour with Live Nation,” Variety revealed.

Even though the law firm has not revealed if hackers have demanded a ransom, it confirmed to Variety that it had indeed been hacked and that cyber security experts are working round the clock to address the situation. “We can confirm that we’ve been victimized by a cyberattack. We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters,” it said.

Grubman Shire Meiselas & Sacks counts well-known celebrities across genres like media and entertainment, sport, television, and the corporate world as its clients. The hackers behind the cyber attack said the data in their possession included classified information belonging to celebrities like Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC.

The law firm also represents music stars like AC/DC, Barbra Streisand, Elton John, Lionel Richie, Lizzo, Madonna, Maroon 5, Ricky Martin, Rod Stewart, Shania Twain, Sting, Drake, Fiona Apple, U2, the Whitney Houston Estate, and Tony Bennett as well as sports personalities such as Mike Tyson, Sean Avery, Victor Cruz, Henrik Lundqvist, LeBron James, and Cam Newton.

Grubman Shire Meiselas & Sacks also boasts an enviable list of corporate clients that includes the likes of Facebook, Samsung Electronics, Sony Corp., Spotify, HBO, MTV, Universal Music Group, Vice Media Group, Activision, EMI Music Group, and Discovery. It is not yet known if corporate data belonging to these enterprises are also in the possession of the hacker group.

REvil ransomware gang also targeted Travelex and forced it to cough up $2.3m in ransom

The REvil ransomware group was recently in the news for using the ransomware to target foreign currency exchange service Travelex in January. The hacker group told Bleeping Computer that they used the Sodinokibi ransomware to successfully encrypt Travelex's entire network, delete backup files and exfiltrate more than 5GB of personal data. They initially demanded $6 million (£4.6m) to return the encrypted files but according to The Wall Street Journal, they finally settled for $2.3 million paid in Bitcoin.

Commenting on the latest cyber attack targeting Grubman Shire Meiselas & Sacks, Ilia Kolochenko, founder & CEO of ImmuniWeb, told Teiss that law firms are desirable targets for hackers as it is often much easier and faster to breach a mid-sized law firm to get ultra-confidential data compared to targeting its large clients directly, such as banks or celebrities as reportedly happened in this case.

“In a highly competitive and now digitally-disrupted legal services market, few law firms are prioritising investment into holistic cyber resilience and defense, understand their attack surface, let alone conduct sufficient employee training. Furthermore, a considerable number of law firms have no incident detection and response capacities, often leaving them unable to detect an intrusion in a timely manner.

“Worse, modern law firms have to deal with diversified digital flow of sensitive and privileged data on their mobile phone, laptops and office computers. Partners and clients exacerbate this convoluted landscape by uploading confidential documents to public cloud or file sharing websites.

“Moreover, even if a data breach is detected, a not insignificant number of law firms would prefer to keep the incident as silent as possible to avoid disastrous reputational damage and acrimonious lawsuits from their clients. Ultimately, law firms are a low hanging fruit for cybercriminals, enabling the latter to get their hands on crown jewels of major organizations without spending much effort,” he added.
