REvil hackers double ransom for celebrity law firm, threaten to release Trump ‘dirty laundry’

A celebrity law firm hit by a REvil ransomware attack is refusing to pay up, and now attackers have doubled the ransom request to $42 million and threatened to release damaging information on President Trump.

Although Trump reportedly has never been a client of Grubman Shire Meiselas & Sacks, the New York Post Page Six noted, the hackers posted a message online saying that the ransom had been doubled and that “The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry...”

The message urged the president to “poke a sharp stick at the guys” if he wanted to remain president, “otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president.” The attackers gave the firm a one-week deadline and threatened attorney-to-the-stars Allen Grubman with the destruction of the “company down to the ground” if the firm doesn’t pony up.

The cyberattackers breached the high-profile entertainment and media law firm, infecting the practice with ransomware and stealing files apparently pertaining to star clients, which include Lady Gaga, Madonna, Elton John, Barbra Streisand, Bruce Springsteen, Mariah Carey and Mary J. Blige. The attackers have already posted more than 2G of data relating to Lady Gaga.

Their claim of having Trump-related files is more dubious. "The group’s claims to have dirt on Trump are probably a bluff and/or designed to garner media attention," said Brett Callow, threat analyst at Emsisoft. "That said, one of REvil’s previous data dumps did include a piece of correspondence from Trump, albeit simply a form ‘thank you’ letter. This was stolen by REvil in an attack on Brooks International."

But “doubling down and leveraging Donald Trump’s brand value is perfect,” said Lucy Security CEO Colin Bastable. “No downside for the hackers, no upside for the victims and all grist for the media mill, because someone fell for a phishing email.”

The firm has decided to hold firm against the attackers, saying in a statement that the FBI and cyber experts advise that "negotiating with or paying ransom to terrorists is a violation of federal criminal law."

"Even when enormous ransoms have been paid, the criminals often leak the documents anyway," agreed Jonathan Knudsen, senior security strategist at Synopsys. "Personal information is valuable by itself, but personal information about celebrities is even more valuable. The attackers in this case have, unfortunately, perpetrated a crime with deep impact."

The law firm's bravado may reflect a failure to train up its people and may be short-lived. "If you don't patch people as part of an integrated cybersecurity strategy, you get to make statements like 'We are grateful to our clients for their overwhelming support and for recognizing that nobody is safe from cyberterrorism today,'" said Bastable, referring to the firm's statement. "That client support will turn to overwhelming lawfare if the celebrities feel pain."

He maintained that "if people need a lesson on how hackers fuse psychology, marketing and 'impending event' sales closing, this is a perfect case study in the black art of hackstortion."
