A cybercriminal ring claiming to have stolen a huge cache of data from a major media and entertainment law firm — whose clients include Bruce Springsteen, Madonna, Elton John and Lady Gaga — is demanding a $21 million ransom payment, according to a published report.
New York-based Grubman Shire Meiselas & Sacks this week confirmed its computer systems were hacked, an incident that allegedly resulted in the theft of 756 gigabytes of private documents and correspondence. It has declined to comment further.
“We have notified our clients and our staff [of the cyberattack],” firm said in a statement to Variety. “We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”
The hackers issued a ransom demand of $21 million to the law firm, the New York Post reported Tuesday, citing an anonymous source. The attackers have threatened to gradually release batches of the purloined data if they don’t receive payment. The firm is not negotiating with the cyberattackers, while the FBI is said to be investigating the case, the Post reported.
On Wednesday, the group apparently responsible for the attack tried to share an initial 1-gigabyte collection of documents and files to the Mega file-upload service — however, the hackers’ account was terminated by Mega for violating terms of service, and the download link was disabled. In an online post, the hackers cited Coveware, a ransomware remediation firm, as the “sponsor” of their attempted document leak and taunted Grubman Shire Meiselas & Sacks by saying it was “a mistake to hire a recovery company in the negotiations.”
News of the hack surfaced last week. The attack on the law firm — whose client list spans music artists, actors and TV personalities, sports stars, and media and entertainment companies — was carried out by a group called “REvil,” also known as “Sodinokibi,” according to cybersecurity firm Emsisoft. The group has previously targeted companies and organizations including Travelex, the U.K.-based currency-exchange company, which paid $2.3 million in bitcoin to hackers after a ransomware attack, the Wall Street Journal reported.
The hackers alleged they have possession of information on the law firm’s clients past and present, including Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, Run DMC and Facebook.