A giant media and entertainment law firm in the United States which represents the mega-celebrities like Madonna, Nicki Minaj, Priyanka Chopra, Sofia Vergara, and Bruce Springsteen has alleged a data breach. The law firm has informed that the hackers have gained access to the personal data of these celebrities by using a ransomware attack tool.
As per reports, a total of 756 GB data have been stolen by hackers from New-York based firm. The data includes useful information like contracts, nondisclosure agreements, phone numbers and email addresses, and personal correspondence. The law firm named Grubman Shire Meiselas & Sacks has allegedly experienced a ransomware attack that apparently involved the REvil malware.
Other celebrities whose sensitive personal data has been breached include Christina Aguilera, Mariah Carey, Jessica Simpson, Naomi Campbell, Robert De Niro, Sofia Vergara, Spike Lee, the Osbournes (Ozzy, Sharon, and Kelly), and many more.
The top companies who are a client of this law firm include Discovery, EMI Music Group, Facebook, HBO, Imax, MTV, NBA Entertainment, Playboy Enterprises, Samsung Electronics, Sony Corp., Spotify, Tribeca Film Festival, Universal Music Group, and Vice Media Group, among others.
Following the attack, the website of Grubman Shire Meiselas & Sacks has effectively gone online, as at present it only displays the logo of the firm without any other content or link.
Hackers posted about the attack on darknet
According to a report by Variety, the hackers posted evidence of the data theft via a forum on the dark web, the part of the internet where users can engage in secret transactions and hide their identities using encryption. Emsisoft, a cybersecurity software and consulting company specializing in ransomware, found the post of the hackers informing about the exploit. According to cyber security experts at Emsisoft, the data released by the hackers so far “is simply a warning shot.” The implicit threat is that if the firm doesn’t pay the cybercriminals, the group will publish whatever other data they managed to steal, probably in instalments, they said.
Data stolen can be used for extortion
As per global cybersecurity firm Sophos, in such Ransomware attacks, cybercriminals use the threat of releasing the stolen data as leverage to extort payment. REvil, also known as Sodin or Sodinokibi is not just operating on the old-school ransomware model of “Scramble your files and offer to sell you back the decryption key”.
According to Sophos, the original criminal plot behind ransomware was that if you don’t have reliable back-ups that you could restore quickly, then you may have a choice to pay up to decrypt all your scrambled files and get your business in the process again.
Before scrambling all files as a tactic of grabbing attention, the hackers will silently upload the troves of so-called Acetrophy data that they used to blackmail anyone who is not willing to pay up or can be said that financial extortion is no longer just a “kidnap ransom” to get files back.
Sophos in a statement said, “Indeed, the REvil crew has already followed through on its threats to embarrass victims who don’t pay.” It further added, “Given that ransomware, crooks are no longer just keeping you away from your data but also threatening to put the rest of the world in touch with it, prevention is very much better than cure.”
Another worrying report of global mailing equipment company Pitney Bowes had also faced a data breach attack by Maze Ransomware.
Mentioning it Sophos said, “Maze is another cybercrime gang that goes in for huge ransoms and threatens to expose stolen data, infamously demanding about $6,000,000 last year from cable and wire manufacturer Southwire.”