Ransomware cybercriminals demand 42 million dollars from US law firm
The operators of the REvil ransomware, also known as Sodinokibi, are attempting to extort a law firm based in New York. Among other things, they threaten to publish client data, including that of numerous celebrities. The ransom demand currently stands at $42 million.
The cybercriminals posted a message on a dark web portal, addressed to the law firm Grubman Shire Meiselas & Sacks (GSMS), announcing the publication of files. They had apparently managed to infect the firm's systems with REvil ransomware beforehand. Before encrypting the files on the network, as is customary with ransomware, they stole them.
Screenshots that purportedly show folders on the law firm's network reveal the names of clients. According to these, GSMS clients include Lady Gaga, Madonna, U2, Mariah Carey, Nicki Minaj, Run DMC and Bruce Springsteen.
The firm confirmed both the incident and the attempted extortion to Variety. The hackers initially demanded only $21 million. Because the lawyers let the seven-day deadline pass, or offered only $365,000 in ransom in the meantime, the hackers doubled their demand to $42 million.
Criminal hacker group claims to have Trump documents
In addition, the REvil operators followed through on their threat and published an archive with 2.4 GB of data. It contains legal documents such as contracts for concerts, TV appearances and merchandising of the US singer Lady Gaga.
To reinforce their demand, the hackers are now additionally threatening to publish files that supposedly contain information about US President Donald Trump. “An election campaign is underway and we have found a ton of dirty laundry to go with it. Mr. Trump, if you want to stay president, prick the boys with a sharp stick, otherwise you can forget that ambition forever. And we can tell voters that after such a publication, they will no longer want him to be president. Well, let's leave out the details. The deadline is one week,” says the new message.
It is unclear whether Donald Trump was ever a client of the GSMS law firm. The celebrity news site PageSix claims to know that there is no connection between Trump and the law firm. So it could be an empty threat from the hackers.
It is now almost standard practice for ransomware gangs not to content themselves with encrypting data, but also to steal files in order to put pressure on victims who are unwilling to pay. At least twelve different groups have already adopted this strategy.