The private legal affairs of dozens of the world's biggest music and movie stars — Lady Gaga, Elton John, Robert DeNiro, and Madonna among them — are at risk of exposure following a ransomware attack on a high profile New York entertainment law firm.
Grubman Shire Meiselas & Sacks have reportedly been hit by the REvil ransomware (also known as Sodinokibi), with the attackers threatening to release up to 756GB of stolen data in nine staged releases.
The stolen data includes confidential contracts, telephone numbers, email addresses, personal correspondence, non-disclosure agreements and more. The ransom amount demanded is not available, however it is invariably paid in Bitcoin.
Cointelegraph has viewed the gang’s darknet site where they published screenshots of legal contracts for Madonna, Christina Aguilera and of the company’s computer folder system.
Credible and proven threat
Brett Callow from information security firm Emsisoft said the breach could have serious privacy ramifications as law firms hold highly sensitive information about their clients..
"It’s not only bad news for the firm; it also puts the clients whose data has been exposed at risk of blackmail, spear phishing, identity theft and other types of fraud. In this instance, REvil claim to have exfiltrated a total of 756GB of data."
Callow described the screenshots leaked by the hackers as “the equivalent of a kidnapper sending a pinky finger”.
The firm represents a ‘Who's Who’ of Hollywood and the music industry including: AC/DC, Barbara Streisand, Bette Midler, KISS, U2, Madonna, Maroon 5, Robert De Niro, Elton John, John Mellencamp, Rod Stewart, Ricky Martin, Shania Twain, KISS, The Weeknd, Lil Wayne, and David Letterman.
It also represents companies including Facebook, Activision, iHeartMedia, IMAX, Sony, HBO, and Vice Media, as well as athletes including LeBron James, Carmelo Anthony, Sloane Stephens and Colin Kaepernick.
Just a warning shot … for now
"The data published so far would seem to simply be a warning shot," Callow said. "Should the firm not pay, whatever data the criminals the criminals may have obtained will be published online, probably in instalments in order to gradually ramp up the pressure."
REvil has previously attacked Travelex, 10x Genomics, Brooks International, Kenneth Cole and National Association of Eating Disorders and published data online from each. Travlex paid $2.3 million to recover its files.
Threatening to release company secrets has become an increasingly popular method by ransomware crews to ratchet up the pressure on companies to pay.
It was popularized by the Maze Crew who made good on threats late last year to release confidential information from security contractor Allied Universal after it failed to pay up.
Cointelegraph has contacted Grubman Shire Meiselas & Sacks for comment.