There has been a sense of shock across the entertainment world as it has been revealed that Grubman Shire Meiselas & Sacks, a large law firm with hundreds of A-list celebrity clients, has been hit by a devastating ransomware attack. The New York-based firm deals with the legal affairs of many famous names, including Lady Gaga, Madonna, Bruce Springsteen, Christina Aguilera, Nicki Minaj, Robert de Niro, and Elton John. It also handles clients from the sporting world, such as Mike Tyson and LeBron James, as well as some companies, including Facebook, Discovery, and Samsung Electronics.
With such an esteemed clientele, the firm would have presented a tempting high-value target for cybercriminals, and so its cybersecurity should have been watertight. However, it appears that cybercriminals using the REvil/Sodinokibi ransomware have managed to find a way of launching their malware into the firm’s system. The ransomware has already claimed several other corporate victims, including UK company Travelex, which ended up paying $2.3 million to get its data back.[1]
As well as locking down the firm’s computers, the perpetrators behind the attack have stolen around 756GB of files containing clients’ personal data, including contact information, contracts, non-disclosure agreements, and personal correspondence. Unless a ransom is paid, they have threatened to publish that data in nine stages on the dark web.[2] It is not known how much they are demanding.
To prove that they have the files and are not afraid to follow through on their threat, the cyber thieves have already released some information. Part of the contract from Madonna’s 2019-20 ‘Madame X’ tour and a legal agreement signed by Christina Aguilera have appeared on several forums on the dark web.[3] The victims of this heist have been put at risk of future blackmail, identity theft, and spear phishing, and must be reeling from the fact that such confidential information has got into unsavory hands.
Grubman Shire Meiselas & Sacks, too, will be aware that this data breach has severely affected its reputation. As well as the loss of clients, it is possible that the firm will face an investigation into how it secured its confidential data under the New York Data Security Act. Several security journalists have approached the firm’s partners for comment but have so far received no reply. The firm’s website also appears to be down and is currently showing only its logo.
So, what next? The attackers have previously made good on their threats to publish if the victim refuses to pay. There is no reason to believe that this case will be any different. The law firm may feel under enormous pressure from its clients to do whatever it takes to stop their information from becoming public, and this may be the route it will take. Paying ransoms in this way is not illegal in the US, but it is not encouraged either. While the FBI has softened its stance on payouts in certain situations,[4] New York is considering bills that would ban local municipalities and governments from paying ransom demands, a move that potentially could spread to other organizations and businesses.[5]
1. Naveen Goud, ‘Ransomware Attack on Grubman Shire Meiselas & Sacks Law Firm,’ Cybersecurity Insiders, 05/08/2020, accessed at https://www.cybersecurity-insiders.com/ransomware-attack-on-grubman-shire-meiselas-sacks-law-firm/
2. Sarah Cole, ‘Celebrity Data Stolen in Ransomware Attack on NYC Law Firm,’ Infosecurity Magazine, 05/08/2020, accessed at https://www.infosecurity-magazine.com/news/celebrity-data-stolen-in/
3. Ionut Ilascu, ‘REvil Ransomware Threatens to Leak A-List Celebrities’ Legal Docs,’ Bleeping Computer, 05/08/2020, accessed at https://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/
4. Shaun Nichols, ‘FBI Softens Stance on Ransomware: It’s (Sort of) OK to Pay Off Crims to Get Your Data Back,’ The Register, 10/03/2019, accessed at https://www.theregister.co.uk/2019/10/03/fbi_softens_stance_on_ransomware/
5. Anthony Spadafora, ‘New York Wants to Ban Paying Ransomware Demands,’ Techradar, 01/24/2020, accessed at https://www.techradar.com/uk/news/new-york-wants-to-ban-paying-ransomware-demands