Celebrity law firm hackers say they have a buyer for Trump data, now targeting Madonna
Hacking group now auctioning off stolen data after GSMLaw refused to pay its $21m ransom
After stealing data on numerous celebrities from one of the world's top entertainment law firms, the REvil ransomware group now claims to have buyers for its damaging information on US President Donald Trump while it prepares to auction off data on Madonna.
The hackers recently gained access to the network of the law firm Grubman Shire Meiselas & Sacks (GSMLaw) and stole 756GB of data on its clients. They tried to charge GSMLaw $21m to decrypt the files they had stolen but the firm refused to pay the ransom.
Once negotiations with the law firm broke down, the group published an archive containing 160 of Donald Trump's emails, which were not quite as damning as the hackers initially said they would be. The REvil ransomware group also said that they would hold an auction every week selling celebrities' data in order to get paid for the hack.
Now though, the hackers have announced that they were contacted by individuals interested in buying all of the data they have on the US president. The group is content with the proposal and they also promised to delete their copy of the data once the sale is complete.
Celebrity data
As GSMLaw did not agree to pay the hackers' proposed $21m ransom, the group now plans to auction off files about Madonna in addition to selling the data about Donald Trump. The auction for Madonna's data will start at $1m and will follow the same rules as before.
REvil, which is also known as Sodin and Sodinokibi, has set up a highly profitable ransomware-as-a-service (RaaS) operation that relies on affiliates to make money.
In a statement to Page Six, GSMLaw denounced the REvil ransomware group and declared that it would not pay their ransom, saying:
“The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others. We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law. Even when enormous ransoms have been paid, the criminals often leak the documents anyway.”
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.