The hacker group behind last week's REvil (Sodinokibi) ransomware attack on New York-based law firm Grubman Shire Meiselas & Sacks is now demanding $42 million and threatening to release controversial information on U.S. President Donald Trump.
Last week, the hacker group infiltrated the law firm's network and stole personal data and contractual information belonging to celebrities like Elton John, Madonna, Nicki Minaj, Bruce Springsteen, Mariah Carey, and Jessica Simpson.
The massive breach took place after the hacker group used the REvil ransomware to infiltrate the law firm's network and stole up to 756GB of data including contracts, nondisclosure agreements, phone numbers, email addresses, music rights, and personal correspondence of a large number of well-known American celebrities.
Researchers at ransomware-focussed cyber security firm Emsisoft told Variety that hackers behind the cyber-attack posted a few images on a dark web forum as proof of their exploit and are threatening to release 756GB of stolen data from Grubman Shire Meiselas & Sacks. Images posted by hackers on the forum included "a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation," Variety revealed.
The hackers initially demanded a ransom of $21 million and gave the law firm a week’s time to pay the ransom. When the firm agreed to pay only $365,000 of the $21 million they asked, the hacker group doubled the ransom demand to $42 million.
Furthermore, to teach the law firm a lesson, the ransomware gang released 2.4GB of data containing legal documents of Lady Gaga, most of which were contracts for concerts, merchandising, and TV appearances.
No link between Donald Trump and hacked law firm, reports say
The gang is also threatening to release “dirty laundry” on US President Donald Trump. “There's an election race going on, and we found a ton of dirty laundry on time. Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don't want to see him as president. Well, let's leave out the details. The deadline is one week,” the group said.
Page six however, has confirmed that the President has never been a Grubman client, either as a private businessman or during his administration. So, the gang’s claim on the president could be an empty threat in an attempt to create more pressure on the law firm.
The FBI is investigating this incident and has advised the law firm not to negotiate with the attackers or pay the ransom as this would violate federal criminal law.
A statement given to Page Six by Grubman, Shire, Meiselas and Sacks read: "We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law. We are grateful to our clients for their overwhelming support and for recognizing that nobody is safe from cyberterrorism today."
Commenting on hackers doubling their ransom demand, Carl Wearn, Head of e-crime at Mimecast told TEISS that this extraordinary attack on Donald Trump demonstrates just how prevalent ransomware attacks have become. This targeted attack on such a high-profile individual shows that no individual nor organisation can regard themselves as safe from opportunistic cybercriminals, who will not be afraid to hold public figures to ransom.
"Although the emails exposed by the criminal group in this initial instance weren’t deemed to be confidential or particularly damaging, this doesn’t mean sensitive data won’t be leaked in the future. A trend that we are seeing is more cybercriminals favouring the double extortion attack approach, whereby before encrypting their victim’s data, cyber criminals will exfiltrate it from the organisation and threaten to leak it unless ransom demands are met, placing extra pressure on their victims to pay up.
"This is why businesses or organisations no matter what size, must prepare for the eventuality of a ransomware attack. Implementing strong resiliency measures will put businesses in the best position to recover should the worst happen. Failing to do so can have disastrous reputational impact, in this case, on a presidential re-election campaign. As the number of ransomware attacks continues to rise, organisations must start thinking about implementing effective contingency plans and network security solutions now, rather than later,” he added.