News of a possible attack surfaced last week when the threat group behind the REvil ransomware (also known as Sodinokibi) published what it claimed was a sample of 756GB of data exfiltrated from the New York City law firm. Among the data that now appears to have been genuinely stolen from Grubman Shire Meiselas & Sacks is personal data belonging to a host of celebrities including Bruce Springsteen, Mary J. Blige, and Madonna.
The website for Grubman Shire Meiselas & Sacks is currently down while digital forensic experts work to recover the firm’s encrypted files.
In a statement given to Variety, Grubman Shire Meiselas & Sacks said: “We can confirm that we’ve been victimized by a cyberattack. We have notified our clients and our staff.”
The law firm gave no indication of how much Bitcoin the threat actors demanded in ransom. Nor did it state whether any payment would be made to recover the encrypted data of its star roster.
From the little information that the firm did release, it seems that rather than pay the cyber-thieves, an alternative solution is being sought to recover the data that was encrypted and stolen with REvil ransomware.
“We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters,” said Grubman Shire Meiselas & Sacks.
The threat group has threatened to publish the stolen data in nine installments. According to the threat group, information compromised in the attack includes contracts, telephone numbers, email addresses, personal correspondence, and non-disclosure agreements.
Jonathan Knudsen, senior security strategist at Synopsys, commented: “Personal information is valuable by itself, but personal information about celebrities is even more valuable. The attackers in this case have, unfortunately, perpetrated a crime with deep impact.”
Knudsen said that while ransomware attack victims could pay up to recover their files, they might struggle to recover their peace of mind.
He said: “Even if you regain access to your own information, your attacker might still have a copy of the information and be able to resell it to other interested parties.”
Source: Infosecurity Magazine