The hackers who targeted a top-flight entertainment law firm have released documents purporting to pertain to Lady Gaga, after doubling their ransom request to $42 million.
Notorious hacker group ‘REvil’, allegedly from Eastern Europe, are said to have stolen private emails, contracts and personal details from New York-based entertainment law firm Grubman Shire Meiselas & Sacks.
Now, after their ransom demands were rebuffed, the hackers have published on their dark web site a 2.4-gigabyte folder including legal work the law firm did for Lady Gaga.
The files appear to be mostly standard music industry documents and tedious paperwork.
The documents include contracts sent to producers, collaborators, and members of her touring ensemble, promotional agreements, expense sheets, confidentiality agreement forms, performer agreements, reimbursement forms for the artist Jeff Koons, and some promotional photos.
The firm also represents stars including Bruce Springsteen, Lizzo and Madonna.
The hackers also claim to have ‘dirty laundry’ on Donald Trump, even though the President has never been a client of the firm, a source said.
According to Page Six, REvil posted a message on Thursday which said: ‘The ransom is now $42,000,000 … The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time.’
They added: ‘Mr Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever.
‘And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president … The deadline is one week.’
The group claims to have obtained 767 gigabytes of information from the firm, including contracts, non-disclosure agreements, private contact information and private correspondence.
They have also encrypted back-ups and will only provide a means to access them if the company pays out.
A source told Page Six that one of the firm’s founders, attorney Allen Grubman, will not ‘negotiate with terrorists’.
The group’s message told Grubman ‘we will destroy your company down to the ground’ if the money is not paid.
The incident is evidently a ransomware attack, in which cybercriminals use the threat of releasing the stolen data as leverage to extort payment.
According to a source, Grubman has ‘sensitive details on everything – work contracts, confidential settlements and endorsement deals for the biggest stars in New York and Hollywood.’
Grubman is the father of celebrity publicist Lizzie Grubman – whose clients have included Britney Spears and Jay-Z.
She was jailed for 38 days in 2001 for ramming her car into a crowd of people outside a nightclub in the Hamptons, then went into high-profile crisis management work.
‘Just think of Olivia Pope in Scandal, but for Hollywood,’ she told the New York Times in 2016. ‘I do divorces, I do arrests and cop situations, when someone is resigning or getting fired.’
According to cybersecurity firm Emsisoft, the group posted excerpts of a contract related to Madonna’s recent Madame X tour. The July 2019 contract is said to be one for a crewmember and contains the person’s social security details.
The group posted a contract signed by singer Christina Aguilera and another artist she worked with in 2013.
Another document related to the rapper Lizzo reportedly emerged too.
A release from REvil shows a list of files with the names of celebrities, including Bruce Springsteen, Barbra Streisand, Bette Midler and Mariah Carey.
The hackers also claim to have obtained files pertaining to other past and present clients including singers Nicki Minaj, Mary J. Blige, Jessica Simpson and Ella Mai; NFL player Cam Newton; actresses Priyanka Chopra and Idina Menzel; and rap group Run DMC.
HBO show Last Week Tonight With John Oliver was reported to be a target.
Sources told Page Six that the FBI is investigating. One told the outlet, ‘The hackers got into the system while everyone was focused on the coronavirus.
‘We assume, but there is no confirmation, that the hackers are Eastern European. They are demanding a $21 million ransom, and the firm is not negotiating with them.’
On Tuesday, New York-based entertainment law firm Grubman Shire Meiselas & Sacks said in a statement to Variety: ‘We can confirm that we’ve been victimized by a cyberattack.
‘We have notified our clients and our staff.
‘We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.’
In the past REvil has published stolen documents after companies didn’t pay up.
Emsisoft threat analyst Brett Callow told Variety it ‘is simply a warning shot’.
Grubman’s firm said HBO, Zoom and the Texas court system have been understanding as they have been victims of similar attacks: ‘Their clients have expressed overwhelming support as they understand the firm is the latest high-profile victim of this global extortion scheme.’
Law firms are often viewed by hackers as tempting targets, with troves of sensitive documents pertaining to dozens or hundreds of clients.
REvil, also known as Sodinokibi, was also responsible for a ransomware attack against currency service Travelex in January.
The group demanded a ransom of $6 million in return for not deleting sensitive customer information.
It took four weeks before the company’s money transfer service and wire offering was fully up and running again, after Travelex reportedly agreed to pay a $2.3 million ransom in bitcoin.
Travelex is the world’s largest retail currency dealer and provides travel money services for a host of partners.