REvil Ransomware Gang Threatens to Release Dirt on Trump

Ransomware attackers that stole data from a New York law firm on its celebrity clients have doubled their demand and threatened to release sensitive information on US President Donald Trump.

The REvil group claimed to have lifted 756GB of data from Grubman Shire Meiselas & Sack, which counts the likes of Madonna, Bruce Springsteen, Run DMC and Mariah Carey among its clients.

The media and entertainment law firm confirmed last week that it had been a victim of a cyber-attack and that it was “working around the clock to address these matters.”

However, the ransomware group’s original deadline for payment of $21m ran out at the end of last week, and it has now upped the demand to $42m.

To show they mean business, the cyber-criminals recently released over 2GB of stolen documents related to contract dealings of Lady Gaga.

They also threatened to publish dirt on Donald Trump, although reports suggest he was never a client of the law firm.

“There's an election race going on, and we found a ton of dirty laundry on time. Mr Trump, if you want to stay President, poke a sharp stick at the guys, otherwise you may forget this ambition forever,” they claimed on a dark web site.

“To you voters, we can let you know that after such a publication, you certainly don't want to see him as President. Well, let's leave out the details. The deadline is one week.”

Recorded Future’s senior solutions architect, Allan Liska, pointed to the threats as just the latest in a long line of incidents where ransomware groups first breach their victims in a bid to force payment.

“Ransomware groups have grown increasingly bold in their targets and their ransom demands and so far have been able to operate with very little pushback,” he added.

“In addition, it has long been suspected that this group operates within Russia's locus of control. The Kremlin generally turns a blind eye to these activities, as long as the threat actors don't target Russian citizens. However, going after an ally of Russia may force Russian cybersecurity forces to turn their attention to the REvil team as well.”

Trump has consistently refused to comply with demands from federal prosecutors to release information on his financial affairs. Separate investigations are looking at whether he committed tax fraud and if his business dealings left him subject to the influence of foreign individuals or governments.

What’s Hot on Infosecurity Magazine?