A large media and entertainment law firm in the US representing top-notch celebrities like Priyanka Chopra, Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen and more has experienced a major data breach where hackers got access to personal data of these celebrities. The trove of data stolen from the New York-based firm by hackers "a total of 756GB" includes contracts, nondisclosure agreements, phone numbers and email addresses, and "personal correspondence ", reports Variety.
The law firm Grubman Shire Meiselas & Sacks, or gsmlaw.com for short, experienced a ransomware attack that apparently involved the appropriately named REvil malware. Other celebrities whose sensitive personal data has been hacked are Christina Aguilera, Mariah Carey, Jessica Simpson, Naomi Campbell, Robert De Niro, Sofia Vergara, Spike Lee, the Osbournes (Ozzy, Sharon and Kelly), and several more.
Representatives for the law firm did not issue comment and their website gsmlaw.com was effectively offline, displaying only its logo. In addition, top companies on the firm's client list include Discovery, EMI Music Group, Facebook, HBO, Imax, MTV, NBA Entertainment, Playboy Enterprises, Samsung Electronics, Sony Corp. Spotify, Tribeca Film Festival, Universal Music Group and Vice Media Group, among others. According to global cybersecurity firm Sophos, rather than simply knocking the law firm out of action temporarily, the ransomware crooks have stolen personal data from a laundry list of celebrity clients.
In such ransomware attacks, said Sophos, cybercriminals use the threat of releasing the stolen data as leverage to extort payment. REVil, also known as Sodin or Sodinokibi, isn't just operating on the old-school ransomware model of "scramble your files and offer to sell you back the decryption key". The latest trend in ransomware attacks is to use a double-barrelled weapon that gives victims two reasons to pay up.
According to Sophos, the original criminal plot behind ransomware was that if you didn't have reliable backups that you could restore quickly, then you might have little choice but to pay up to decrypt all your scrambled files and get your business moving again. In recent months, however, the cybercriminals have doubled down on their leverage. Before scrambling all your files as a way of grabbing your attention, the crooks quietly upload huge troves of so-called acetrophy data" that they use to blackmail anyone who is hesitant to pay up.
In other words, the financial extortion is no longer just a "kidnap ransom" to get your files back, but also a blackmail demand to stop the crooks leaking your data - or, worse still, your customers' data - to the world. "Indeed, the REvil crew has already followed through on its threats to embarrass victims who don't pay," Sophos said in a statement on Tuesday. Given that ransomware crooks are no longer just keeping you away from your data but also threatening to put the rest of the world in touch with it, prevention is very much better than cure, said Sophos.
Less star-studded but no less worrying is a simultaneous report that global mailing equipment company Pitney Bowes has experienced an attack by the Maze ransomware. According to Sophos, Maze is another cybercrime gang that goes in for huge ransoms and threatens to expose stolen data, infamously demanding about $6,000,000 last year from cable and wire manufacturer Southwire. Southwire hit back by filing a so-called John Doe (the name used in the USA where defendants haven't yet been identified) civil lawsuit against the as-yet-unknown criminals behind Maze.