REvil Ransomware Actors Threatening to Leak “GSMLaw” Documents

  • REvil has allegedly compromised a high-profile New York law firm and is now threatening to leak its documents.
  • The files the group claims to hold include contracts, agreements, phone numbers, and private correspondence of well-known artists.
  • The Sodinokibi group is most likely demanding a very large ransom, payable in Monero.

It’s been a while since the REvil/Sodinokibi gang stole the spotlight with a high-profile attack, but they have by no means been inactive in the meantime. According to a recent report, REvil operators compromised the New York-based law firm “Grubman Shire Meiselas & Sacks” (GSMLaw), encrypting its systems with ransomware and exfiltrating highly sensitive documents before doing so. The firm is known for representing celebrities and artists such as Madonna, U2, Bruce Springsteen, Nicki Minaj, Lady Gaga, Elton John, Robert De Niro, Usher, and Rick Ross.

[Screenshot: REvil leak-site post naming GSMLaw. Source: Bleeping Computer]

If the claims hold up, the REvil group is sitting on very revealing documents that a large number of entertainment and media figures would prefer to keep private. In the screenshots the threat actors published as proof, we can see U2’s publishing and record agreements, a folder named “Facebook,” another containing files concerning a reality TV show, and a range of other client material. There are many sensitive details to be found there, provided these files really were taken from GSMLaw’s network and the directory listing is not fabricated.

[Screenshot: sample of the stolen files published by REvil as proof of the breach. Source: Bleeping Computer]

In total, the hackers claim to have 756 GB of data, and they warn that the contents include non-disclosure agreements, email addresses, phone numbers, contracts, and even personal correspondence. They also claim to hold a legal agreement between the firm and Christina Aguilera dating back to 2013, as well as an agreement between one of Madonna’s crew members and “Live Nation Tours” regarding her 2020 world tour.

Sodinokibi isn’t known for making empty threats, so there is little reason to doubt that GSMLaw’s network was actually breached. The group has proven its capabilities before: it crippled Travelex for weeks, disrupted the data center operator CyrusOne, and hit the dental backup provider PerCSoft hard. These are just a few examples out of an ocean of ransomware incidents attributed to the same actors. Still, there is one fundamental change in how victims are treated compared to when the strain first appeared last year: the operators now steal files before encrypting them, so a victim with good backups can no longer simply restore and move on. It is this leak threat that has put GSMLaw on the ropes, and the ransom demanded is almost certainly a hefty one.

The REvil actors are asking for payment in Monero, which has served them well in keeping their anonymity intact so far. Monero is hard to trace: it is confidential and private (sender, recipient, and amount are all hidden on-chain by ring signatures, stealth addresses, and RingCT), and it is fungible, so tainted coins cannot be singled out and blacklisted the way Bitcoin from a known ransom address can be. This is also why North Korean hackers have been seen using it, and why the “Outlaw” group relies on it as well.
