Hackers who targeted a top law firm and posted purportedly secret documents naming A-list celebrity clients have doubled their ransom to $42 million, it has been claimed.
Notorious hacker group ‘REvil’, allegedly from Eastern Europe, are said to have stolen private emails, contracts and personal details from New York-based entertainment law firm Grubman Shire Meiselas & Sacks.
The firm represents stars including Lady Gaga, Lizzo and Madonna.
In the hackers’ latest threat, they claim to have ‘dirty laundry’ on Donald Trump, even though the President has never been a client of the firm, a source said.
According to Page Six, REvil posted a message on Thursday which said: ‘The ransom is now $42,000,000 … The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time.’
They added: ‘Mr Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever.
‘And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president … The deadline is one week.’
The group claims to have obtained 767 gigabytes of information from the firm, including contracts, non-disclosure agreements, private contact information and private correspondence.
They have also encrypted back-ups and will only provide a means to access them if the company pays out.
A source told Page Six that one of the firm’s founders, attorney Allen Grubman, will not ‘negotiate with terrorists’.
The group’s message told Grubman ‘we will destroy your company down to the ground’ if the money is not paid.
The incident is evidently a ransomware attack, in which cybercriminals use the threat of releasing the stolen data as leverage to extort payment.
According to a source, Grubman has ‘sensitive details on everything – work contracts, confidential settlements and endorsement deals for the biggest stars in New York and Hollywood.’
Grubman is the father of celebrity publicist Lizzie Grubman – whose clients have included Britney Spears and Jay-Z.
She was jailed for 38 days in 2001 for ramming her car into a crowd of people outside a nightclub in the Hamptons, then went into high-profile crisis management work.
‘Just think of Olivia Pope in Scandal, but for Hollywood,’ she told the New York Times in 2016. ‘I do divorces, I do arrests and cop situations, when someone is resigning or getting fired.’
According to cybersecurity firm Emsisoft, the group posted excerpts of a contract related to Madonna’s recent Madame X tour. The July 2019 contract is said to be one for a crewmember and contains the person’s social security details.
The group posted a contract signed by singer Christina Aguilera and another artist she worked with in 2013.
Another document related to the rapper Lizzo reportedly emerged too.
A release from REvil shows a list of files with the names of celebrities, including Bruce Springsteen, Barbra Streisand, Bette Midler and Mariah Carey.
The hackers also claim to have obtained files pertaining to other past and present clients including singers Nicki Minaj, Mary J. Blige, Jessica Simpson and Ella Mai; NFL player Cam Newton; actresses Priyanka Chopra and Idina Menzel; and rap group Run DMC.
HBO show Last Week Tonight With John Oliver was reported to be a target.
Sources told Page Six that the FBI is investigating. One told the outlet, ‘The hackers got into the system while everyone was focused on the coronavirus.
‘We assume, but there is no confirmation, that the hackers are Eastern European. They are demanding a $21 million ransom, and the firm is not negotiating with them.’
On Tuesday, New York-based entertainment law firm Grubman Shire Meiselas & Sacks said in a statement to Variety: ‘We can confirm that we’ve been victimized by a cyberattack.’
‘We have notified our clients and our staff.
‘We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.’
In the past REvil has published stolen documents after companies didn’t pay up.
NFL free agent Cam Newton, formerly the starting quarterback for the Carolina Panthers, was also named in the stolen documents, the hackers claim
Emsisoft threat analyst Brett Callow told Variety it ‘is simply a warning shot’.
Grubman’s firm said HBO, Zoom and the Texas court system have been understanding as they have been victims of similar attacks: ‘Their clients have expressed overwhelming support as they understand the firm is the latest high-profile victim of this global extortion scheme.’
Law firms are often viewed by hackers as tempting targets, with troves of sensitive documents pertaining to dozens or hundreds of clients.
REvil, also known as Sodinokibi, was also responsible for a ransomware attack against currency service Travelex in January.
The group demanded a ransom of $6 million in return for not deleting sensitive customer information.
It took four weeks before the company’s money transfer service and wire offering were fully up and running again, after Travelex reportedly agreed to pay a $2.3 million ransom in bitcoin.
Travelex is the world’s largest retail currency dealer and provides travel money services for a host of partners.