Earlier this week, we talked about how the hacker group behind the REvil (Sodinokibi) ransomware hacked Grubman Shire Meiselas & Sacks (GSMS), a New York-based law firm with dozens of global stars among its clients: the GSMS client list contains names such as Madonna, Lady Gaga, Elton John, Robert De Niro, Nicki Minaj, U2 and so on.
As often happens lately, the hackers not only encrypted the affected company's data but also stole a large number of files related to GSMS's star clients. The group claims that the stolen information totals 756 GB, including contracts, phone numbers, email addresses, personal correspondence, non-disclosure agreements and much more.
After the hack, the group gave the affected company a week to pay the ransom. When this period expired, a new message appeared on the attackers' site. The REvil operators said that during negotiations GSMS representatives offered them a payment of $365,000, while the hackers demanded $21,000,000 for the stolen data. Since the ransom was not paid by the appointed time, the hackers decided to double it, so the amount is now no less than 42 million dollars.
The REvil operators' main trump card, the reason they demanded such a fabulous sum from the affected law firm, was not the contracts of show business stars at all. The attackers threatened GSMS that they would publish incriminating evidence on US President Donald Trump. To begin with, the hackers published more than 160 letters in which Donald Trump was mentioned in one way or another (there was nothing compromising or secret in these messages at all; Trump's name was basically just mentioned in passing).
The hackers also said that if the ransom is not paid, GSMS client data will be auctioned on the darknet every week (in alphabetical order). The attackers noted that they do not care who ultimately buys this information, whether the stars themselves, the media or blackmailers; the main thing is that the group will be able to make money on it.
Now the group has unexpectedly announced that it was contacted by certain people interested in “buying all the data about the US president” that the hackers have accumulated during their activity. The REvil operators write that the deal has already taken place and that they were satisfied. The attackers also note that they keep their word: the information has now been deleted on their side and will remain with the unnamed buyer as a single copy.
As a result, information security experts agree that the hackers did not have any incriminating evidence on the US president. The attackers were simply trying to put pressure on the GSMS leadership, and the alleged deal is just a way to save face.
In a new message, the creators of REvil write that they now plan to auction the files stolen from GSMS that are associated with Madonna. The starting price is $1,000,000.