A ransomware gang has claimed that it is auctioning a law firm's celebrity client files.
In May, REvil said that it had stolen over 750GB of data belonging to Grubman Shire Meiselas & Sacks, a US media law firm with a glistening client database including Madonna, U2, Lady Gaga, Mariah Carey, and Bruce Springsteen.
To show its intent, REvil initially published a 2GB teaser of legal documents regarding Lady Gaga that it allegedly stole from Grubman. The ransomware gang has now started a staggered auction of what it claims are celebrity client files from the firm's database. The lots going under the hammer purportedly include Grubman's documents relating to Bruce Springsteen, Usher, Nicki Minaj, Mariah Carey, LeBron James, Jessica Simpson and other slebs.
The dark web's version of Buy It Now
REvil posted a message stating that the packs include "full information downloaded from the office, namely – contracts, agreements, NDA, confidential information, court conflicts, internal correspondence with the firm." And the gang suggested that the documents contained salacious material, hinting that show business is not just about "concerts" but also "big money...social manipulation...mud lurking behind the scenes and sexual scandals, drugs and treachery."
Other online auctions are available for Springsteen fans
The hackers originally demanded that Grubman pay $21 million as ransom, which was later doubled to $42 million. So far, Grubman has refused to play ball. "Our clients and the entertainment industry as a whole have overwhelmingly applauded the firm’s position that we will not give in to extortion," a spokesman for the firm said, according to reports.
Brett Callow, a threat analyst at anti-malware business Emsisoft, told RollOnFriday: "Grubman is to be commended for refusing to give in to the criminals’ demands. If every company did that, ransomware would be a thing of the past rather than a $170 billion per year problem."
"It’s quite likely that REvil do have information relating to other celebs," said Callow. "Whether they have as much information as they claim and whether it’s as scandalous as they claim is impossible to say." Callow explained that firms could reduce the risk of ransomware attacks by following best practice.
REvil obtained a huge ransom payout earlier this year, when it received $2.3 million in bitcoin from Travelex after encrypting the company's files. And the gang has targeted other law firms, including an IP firm in the US with high-profile clients.
In 2017, a cyber gang crippled DLA Piper's communication network for over two days. The hackers asked the firm to pay an unspecified wedge of bitcoin, but RollOnFriday understands that the firm refused to cough up.