Notorious law firm hacker group ‘REvil’ have shifted their ransom target from President Trump to Madonna as they demand at least $1 million for information on her.
The hacker group that breached a celebrity law firm last week released a trove of emails mentioning Trump, and claimed that they will publish much more damaging material if they aren’t paid a ransom of $42 million.
On Monday, REvil revealed they had sold the Trump documents to a secret buyer, stating, ‘Interested people contacted us and agreed to buy all the data about the US president …We are pleased with the deal and keep our word.’
‘REvil’, thought to be from Eastern Europe, stole private emails, contracts and personal details from New York-based entertainment law firm Grubman Shire Meiselas & Sacks.
Notorious law firm hacker group ‘REvil’ have shifted their ransom target from President Trump to Madonna
The hacker group that breached a celebrity law firm has released a trove of emails mentioning President Donald Trump
Entertainment law firm Grubman Shire Meiselas & Sacks is founded by Allen Grubman (left), the father of celebrity publicist Lizzie Grubman (right) – whose clients have included Britney Spears and Jay-Z – and who has focused on damage control PR
The hack was revealed last week, when the law firm representing such stars as Lady Gaga, Lizzo and Madonna confirmed that it had suffered a massive breach.
The group are now demanding at least $1 million for details on Madonna.
‘We are preparing to auction Madonna data … The buyer has the right to do whatever he sees fit with the data,’ they said on Monday.
Trump was never a client of law firm, and the released material, which was obtained and reviewed by DailyMail.com, mostly centers on rights discussions and approvals for videos featuring the president.
One such email chain discusses potential legal risk in using a fake positive review from Trump in a parody movie trailer.
In another email, a reporter contacted the law firm to inquire whether David Letterman had given the Hillary Clinton campaign permission to use a clip from his 2012 interview with Trump in an attack ad.
The law firm co-founded by Allen Grubman (left) and representing such stars as Lady Gaga (right), Lizzo and Madonna confirmed that it had suffered a massive breach
The lawyers concluded that no such release had been granted, but that Letterman didn’t mind the campaign’s usage of the clip.
The hackers have also published on their dark web site a 2.4-gigabyte folder including legal work the law firm did for Lady Gaga.
The files appear to be mostly standard music industry documents and tedious paperwork.
The documents include contracts sent to producers, collaborators, and members of her touring ensemble, promotional agreements, expense sheets, confidentiality agreement forms, performer agreements, reimbursement forms for the artist Jeff Koons, and some promotional photos.
In one email, a reporter contacted the law firm to inquire whether David Letterman had given the Hillary Clinton campaign permission to use this clip in an attack ad
Despite the innocuous nature of the stolen emails that were released, the hackers claimed to have much more damaging material.
‘Oh well. The first part, with the most harmless information, we will post here,’ the hackers said in a brief statement on their dark web site.
In a prior statement on Thursday, they also made the threat to target Trump, writing: ‘The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time.’
They added: ‘Mr Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever.
‘And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president … The deadline is one week.’
Mariah Carey (left) and Bette Midler (right) were also among those whose legal documents were stolen in the breach, according to the hackers
Another release shows a list of files with the names of celebrities, including Bruce Springsteen
Cybersecurity experts expressed doubts about whether the group has more damaging material on the president, but cautioned against assuming there is nothing to the threat.
‘It’s easy to assume they’re bluffing, but that wouldn’t help their cause. The firm would know they’re bluffing and be no more or less inclined to pay,’ one security source told DailyMail.com
‘Plus, it wouldn’t be good for their business model. To be able to extort money, your victims need to believe what you say.’
The group claims to have obtained 767 gigabytes of information from the firm, including contracts, non-disclosure agreements, private contact information and private correspondence.
They say they have encrypted back-ups and will only provide a means to access them if the company pays out.
‘Companies in this situation are without a good option. Whether they pay the demand or not, the data may be misused,’ Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told DailyMail.com.
‘REvil claims the data will be destroyed upon payment, but why would a criminal enterprise ever destroy data that it may be able to monetize for a second time and especially as this data could have significant value?’
Callow pointed out that the criminals could attempt to extort money directly from the A-list celebrities mentioned in the stolen documents, as well as the law firm itself, though so far no such demands have been made public.
A source told Page Six that one of the law firm’s founders, attorney Allen Grubman will not ‘negotiate with terrorists’.
The groups message told Grubman ‘we will destroy your company down to the ground’ if the money is not paid.
According to a source, Grubman, has ‘sensitive details on everything – work contracts, confidential settlements and endorsement deals for the biggest stars in New York and Hollywood.’
Grubman is the father of celebrity publicist Lizzie Grubman – whose clients have included Britney Spears and Jay-Z.
She was jailed for 38 days in 2001 for ramming her car into a crowd of people outside a nightclub in the Hamptons then went into high profile crisis management work.
REvil posted excerpts of a contract related to Madonna’s recent Madame X tour. The July 2019 contract is said to be one for a crewmember and contains the person’s social security details
REvil posted a screenshot of files titled with celebrity names and companies who are Grubman’s clients
Last week, the group posted excerpts of a contract related to Madonna’s recent Madame X tour. The July 2019 contract is said to be one for a crewmember and contains the person’s social security details.
The group posted a contract signed by singer Christina Aguilera and another artist she worked with in 2013.
Another document related to the rapper Lizzo reportedly emerged too.
A release from REvil shows a list of files with the names of celebrities, including Bruce Springsteen, Barbara Streisand, Bette Midler and Mariah Carey.
The hackers also claim to have obtained files pertaining to other past and present clients including singers Nicki Minaj, Mary J. Blige, Jessica Simpson and Ella Mai; NFL player Cam Newton; actresses Priyanka Chopra and Idina Menzel; and rap group Run DMC.
REvil, also known as Sodinokibi, was also responsible for a ransomware attack against currency service Travelex in January.
The group demanded a ransom of $6million in return for not deleting sensitive customer information.
It took four weeks before the company’s money transfer service and wire offering was fully up and running again, after Travelex reportedly agreed to pay a $2.3million ransom in bitcoin.
Travelex is the world’s largest retail currency dealer and provides travel money services for a host of partners.