The ransomware gang that stole almost 1TB of legal secrets from the biggest names in the entertainment industry is now demanding $42 million in cryptocurrency or else it will expose U.S. President Donald Trump’s “dirty laundry”.
The gang has already released a 2GB trove of legal documents marked ‘Lady Gaga’ and fired the link to media outlets including Cointelegraph, which broke the news last week about the attack on New York law firm Grubman Shire Meiselas & Sacks.
The law firm has clients including Elton John, Robert De Niro, and Madonna. The gang hacked and encrypted the firm’s server, stealing 756GB of data on confidential contracts, telephone numbers, email addresses, personal correspondence, non-disclosure agreements, and more. The company has so far refused to pay up.
Doubling down
The REvil ransomware group, also known as Sodinokibi, posted a new message on May 14 saying they were doubling their original ransom and using dirt on Trump as leverage: “The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time.”
Addressing Trump directly, REvil recommended he “poke a sharp stick at the guys” (referring to the law firm) within a week if he wanted to remain president. And to the voters: “…we can let you know that after such a publication, you certainly [won’t] want to see him as president.”
The attackers have threatened to release the stolen data in nine staged releases unless their demands for a ransom are met by the firm. The ransomware gang prefers to be paid in Monero, but also accepts Bitcoin for a higher fee.
It’s unclear what link Trump has to the firm, as he’s not believed to have ever been a client.
Response from law firm
According to The New York Post, Grubman is refusing to negotiate with the hackers, despite their threats to “destroy [the law firm] down to the ground if [they] don’t see the money.” He believes the hackers may release the documents even if he does pay, and the FBI considers the hack an act of terrorism. The US famously does not negotiate with terrorists.
Brett Callow from information security firm Emsisoft described the ransom as “one of the largest demands ever heard” and echoed Grubman’s sentiment:
“Companies in this situation have no good options available… Even if they pay the ransom demand, there is no guarantee the criminals will destroy the stolen data if it has a high market value. The data may still be sold or traded… In these cases, it’s possible that the criminals will attempt to extort money directly from the people whose information was exposed.”