REvil to Auction Stolen Madonna Data

A threat group that claims to have stolen nearly a terabyte of data from a prominent entertainment law firm has said it will put sensitive information relating to Madonna up for auction.

REvil allegedly made off with 756GB of data from New York lawyers Grubman Shire Meiselas & Sack in a ransomware attack earlier this month. The law firm, whose celebrity client list includes LeBron James and Mariah Carey, confirmed last week that it had fallen victim to a ransomware attack. 

After its initial ransom demand for $21m in Bitcoin was not met, REvil doubled it and released 2GB of data that appeared to be taken from contracts involving Lady Gaga. But so far, the law firm has not paid the criminals a dime.

In a statement to Page Six, Grubman Shire Meiselas & Sack said: “We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law.”

However, paying to retrieve the encrypted files may not have been ruled out entirely by the law firm, which told Bleeping Computer: “Unless the FBI determines the ransomware was deployed by a designated terrorist organization or nation state, the FBI treats ransomware investigations as criminal matters.”

Now the threat group, intent on monetizing its crime, has said it will auction off stolen data relating to the singer Madonna on May 25. Bidding is set to start at $1m.

The criminals claim that the auction will take place confidentially and that they will delete their copy of the data after the sale has been completed. 

Earlier this week, REvil claimed to have data about Donald Trump for sale. The group said that the data was not stolen from Grubman Shire Meiselas & Sack but was "accumulated over the entire time of our activity."

Without producing any evidence to back up its claim, REvil is now conveniently saying that the data on Trump has been sold. On its Tor site, the group stated: "Interested people contacted us and agreed to buy all the data about the US president." 

Commenting on the alleged sale of the Trump data, Emsisoft's Brett Callow said: "Whether they had the presidency-destroying information that they claimed to have is something we may never know. But I still think it was probably a bluff!"
