Hackers Threaten to Release Legal Secrets of World’s Biggest Stars

Published at: May 8, 2020

The private legal affairs of dozens of the world's biggest music and movie stars — Lady Gaga, Elton John, Robert De Niro, and Madonna among them — are at risk of exposure following a ransomware attack on a high-profile New York entertainment law firm.

Grubman Shire Meiselas & Sacks have reportedly been hit by the REvil ransomware (also known as Sodinokibi), with the attackers threatening to release up to 756GB of stolen data in nine staged releases.

The stolen data includes confidential contracts, telephone numbers, email addresses, personal correspondence, non-disclosure agreements and more. The ransom amount demanded is not available; however, it is invariably paid in Bitcoin.

Cointelegraph has viewed the gang’s darknet site, where they published screenshots of legal contracts for Madonna and Christina Aguilera, and of the company’s computer folder system.

Credible and proven threat

Brett Callow from information security firm Emsisoft said the breach could have serious privacy ramifications, as law firms hold highly sensitive information about their clients.

"It’s not only bad news for the firm; it also puts the clients whose data has been exposed at risk of blackmail, spear phishing, identity theft and other types of fraud. In this instance, REvil claim to have exfiltrated a total of 756GB of data."

Callow described the screenshots leaked by the hackers as “the equivalent of a kidnapper sending a pinky finger”.

The firm represents a ‘Who's Who’ of Hollywood and the music industry including: AC/DC, Barbra Streisand, Bette Midler, KISS, U2, Madonna, Maroon 5, Robert De Niro, Elton John, John Mellencamp, Rod Stewart, Ricky Martin, Shania Twain, The Weeknd, Lil Wayne, and David Letterman.

It also represents companies including Facebook, Activision, iHeartMedia, IMAX, Sony, HBO, and Vice Media, as well as athletes including LeBron James, Carmelo Anthony, Sloane Stephens and Colin Kaepernick.

Just a warning shot … for now

"The data published so far would seem to simply be a warning shot," Callow said. "Should the firm not pay, whatever data the criminals may have obtained will be published online, probably in instalments in order to gradually ramp up the pressure."

REvil has previously attacked Travelex, 10x Genomics, Brooks International, Kenneth Cole and National Association of Eating Disorders and published data online from each. Travelex paid $2.3 million to recover its files.

Threatening to release company secrets has become an increasingly popular method for ransomware crews to ratchet up the pressure on companies to pay.

It was popularized by the Maze Crew, who made good on threats late last year to release confidential information from security contractor Allied Universal after it failed to pay up.

Cointelegraph has contacted Grubman Shire Meiselas & Sacks for comment.
