Hackers are demanding a ransom of $42 million (about Rs. 317 crores) from New York-based celebrity and entertainment law firm Grubman Shire Meiselas & Sacks, with a week-long deadline and the looming threat of its clients’ personal details being published online. The hacking group “REvil”, a.k.a. “Sodinokibi”, which is behind the attack according to cybersecurity firm Emsisoft, claims to have information on the likes of Priyanka Chopra Jonas, Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Jessica Simpson, Idina Menzel, Christina Aguilera, Mariah Carey, Mary J. Blige, Ella Mai, Cam Newton, Bette Midler, Run DMC, and Facebook.
On May 8, the hackers posted evidence of the stolen data — featuring a screenshot of Madonna’s contract for the 2019-20 “Madame X” tour — on the dark web, per Emsisoft. Said data is allegedly 756GB in size, and includes phone numbers, email addresses, entertainment contracts, non-disclosure agreements, and “personal correspondence”. On May 11, Grubman Shire Meiselas & Sacks confirmed that it had suffered a breach, notified its clients and staff, and was working with “experts”. That was followed by the $21 million ransom demand on May 12.
But the law firm is refusing to negotiate with the hackers, as the FBI is currently investigating the case. Emsisoft had said that the hackers would publish the data in instalments if payment wasn’t made, and that’s exactly what happened. On May 13, the hackers allegedly tried to share 1GB of files to cloud storage service Mega. But their account was terminated by Mega due to a breach of terms of service. According to Variety, in an online post, the hackers taunted the law firm for hiring ransomware remediation firm Coveware, calling it “a mistake to hire a recovery company in the negotiations.”
And then on May 14, the hackers doubled the ransom demand to $42 million, and said they also have “a ton of dirty laundry” on US President Donald Trump, which they would publish in a week if payment isn’t made. Trump has never been a client of Grubman Shire Meiselas & Sacks, so the connection isn’t clear.
If “REvil” / “Sodinokibi” is truly behind the attack on Grubman Shire Meiselas & Sacks, then the latter joins a list of targets including the UK-based currency exchange Travelex and Florida-based management consulting firm Brooks International, among others. Travelex paid $2.3 million (about Rs. 17.35 crores) in bitcoin to hackers who had taken over its network, according to the Wall Street Journal in April.