Celebrity Data Stolen in Ransomware Attack on NYC Law Firm

A New York City law firm that serves some of the world's biggest stars of stage and screen appears to have fallen victim to a REvil ransomware attack. 

Perpetrators of the attack are threatening to expose nearly 1TB of celebrities' private data unless Grubman Shire Meiselas & Sacks pays a ransom in Bitcoin.

With a client list that reads like a celebrity who's who, the entertainment and media law firm handles the private legal affairs of John Mellencamp, Elton John, David Letterman, Robert DeNiro, Christina Aguilera, Barbra Streisand, and Madonna. 

Companies Facebook, Activision, iHeartMedia, IMAX, Sony, HBO, and Vice Media and sporting stars LeBron James, Carmelo Anthony, Sloane Stephens, and Colin Kaepernick are also clients of Grubman Shire Meiselas & Sacks.

Cyber-thieves claim to have used REvil ransomware (also known as Sodinokobi) to steal 756GB of data that includes contracts, telephone numbers, email addresses, personal correspondence, and non-disclosure agreements.

The attackers are threatening to publish the data in nine staggered releases unless they are paid an undisclosed sum. Grubman Shire Meiselas & Sacks is yet to confirm or comment publicly on the alleged ransomware attack. 

Commenting on the incident, Emsisoft's Brett Callow said the impact of the attack could spread beyond the law firm to its famous and wealthy roster of clients. 

"It’s not only bad news for the firm; it also puts the clients whose data has been exposed at risk of blackmail, spear phishing, identity theft and other types of fraud," said Callow. 

Celebrities believed to have been affected by the incident include Bruce Springsteen, Lady Gaga, Jessica Simpson, Nicki Minaj, Priyanka Chopra, Mariah Carey, and Mary J. Blige. Cyber-criminals also claim to have exfiltrated data belonging to hip-hop legends Run-DMC and Outkast. 

The attackers have so far published two letters apparently signed by Madonna's 2019 tour agent and Christina Aguilera on the dark web.

Previous victims of REvil ransomware attacks include 10x Genomics, Brooks International, Kenneth Cole, and National Association of Eating Disorders. In each case, data stolen from the victims was published online when the targeted business refused to pay up. One victim, Travelex, paid $2.3m to recover files stolen in an attack.

What’s Hot on Infosecurity Magazine?