Hackers are reportedly threatening to release 756G of confidential data from a New York City law firm that represents some of the biggest music artists in the world.
Grubman Shire Meiselas & Sacks has a client list that includes Lizzo, Elton John, Lady Gaga, Madonna, Future, Bebe Rexha, Nicki Minaj, Mariah Carey and Canadian stars Carly Rae Jepsen and The Weeknd.
The firm appears to have been hit by a ransomware attack by Sodinokibi, a group better known as REvil.
“In the past, ransomware groups simply encrypted their victims’ data but, since late last year, they’ve been stealing it too and using the threat of its release as additional leverage to extort payment,” explained Brett Callow, a B.C.-based threat analyst for Emsisoft, in an email. “Should the company not pay or not pay quickly enough, the data gets posted online.
“This is a concerning development as it means customers and business partners of those companies may be at risk of blackmail, identity theft or other forms of fraud.”
Earlier this year, London-based foreign currency exchange Travelex reportedly paid a $2.3 million U.S. ransom to recover 5 GB of data downloaded and encrypted by REvil. The hackers deal in a cryptocurrency to thwart law enforcement.
Emsisoft estimates ransomware costs the U.S. economy nearly $10 billion a year. “It is hugely profitable,” said Callow. “A group retired last year and sailed off into the sunset claiming to have made more than $2 billion.”
REvil is threatening to publish folders of contracts, telephone numbers, email addresses, personal correspondence and non-disclosure agreements downloaded from Grubman Shire Meiselas & Sacks.
The list includes documents titled “U2 Record Agreement” and “Gagosian-Jagger Project” (Larry Gagosian is a gallery owner) as well as those named “Bruce Springsteen,” “MARIAH CAREY,” “Nicki Minaj” and “Mary J. Blige.”
As proof, the hackers posted a screenshot of folder names as well as sample documents, including an August 2019 confidentiality agreement for someone working for Lizzo and one dated July 2019 for someone employed on Madonna’s world tour. One of the documents has the employee’s home address and the other shows the employee’s social security number.
Part of a 2013 contract signed by former client Christina Aguilera was also shared.
“The data that’s been posted so far is simply a warning shot,” Callow told iHeartRadio.ca.
Grubman Shire Meiselas & Sacks, which has not commented on the alleged ransomware attack, took its website offline on Friday afternoon. The firm describes itself as “universally recognized as one of the premier entertainment and media law firms” in the U.S.