A hacking group is demanding $42 million (£35m) from a leading New York entertainment law firm after compromising the company’s IT systems and stealing 756 gigabytes of data on A-list celebrities.
The group said it would release the sensitive data, including contracts and personal emails, unless the ransom was paid, and also threatened to release compromising information on US president Donald Trump.
The latter may be an empty threat, however, since Trump has never been a client of law firm Grubman Shire Meiselas & Sacks, celebrity news magazine Page Six reported.
GSMS’ list of clients includes well-known figures such as Lady Gaga, Madonna, Mariah Carey, U2, Bruce Springsteen, Priyanka Chopra and Bette Midler.
The law firm confirmed last week that it had been compromised, saying it had notified clients and staff and was “working around the clock” to address the situation.
The attack involved ransomware that locked the company’s digital files and erased all backups, while exfiltrating data held on the firm’s networks, according to security firm Emsisoft.
Hacking group REvil initially demanded $21m to refrain from publishing the data, but doubled the amount at the end of last week after saying GSMS had agreed to pay only $365,000.
It gave GSMS another week to pay, while releasing 2.4GB of data on recording artist Lady Gaga, including contracts for concerts, merchandising and television appearances.
“Grubman, we will destroy your company down to the ground if we don’t see the money,” REvil said in a statement published on a Dark Web site.
REvil, also known as “Sodinokibi”, has attacked other organisations including UK-based currency exchange firm Travelex, which paid $2.3m in Bitcoin after a ransomware attack, the Wall Street Journal reported.
GSMS said it was not negotiating with the hackers, saying the FBI considered the attackers terrorists and that “negotiating with or paying ransom to terrorists is a violation of federal criminal law”.
The firm added that the criminals could always leak the documents even after receiving payment of a ransom.
“The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists,” GSMS said in a statement.
Emsisoft said the ransom demand was one of the largest it had heard of, surpassing the previous record $25m demand received by an unnamed company, which was not paid.
Earlier this year, hackers released data stolen from Visser Precision, a precision parts maker for military and aerospace companies including Lockheed Martin, Tesla, SpaceX and Boeing, after the company refused to pay a ransom.