
Photo Credit: Markus Spiske
Entertainment law firm Grubman Shire Meiselas & Sacks confirms a ransomware attack is in progress. Will they pay?
The law firm is starting the process of alerting its list of clients impacted by the theft. We reported on the high-security data breach yesterday – over 750 GB of data was stolen. Stolen data included contract provisions, with at least one leaked piece appearing to be from Madonna’s “Madame X” tour.
“We can confirm that we’ve been victimized by a cyberattack,” the New York law firm confirmed on Tuesday. “We have notified our clients and our staff. [Grubman Shire] have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”
A hacker group called REvil is claiming responsibility for the attack. Some of the clients retaining Grubman Shire Meiselas & Sacks services include Lady Gaga, Madonna, Nicki Minaj, Mary J. Blige, Bruce Springsteen, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, and more.
Cybersecurity firm Emsisoft revealed the hack after monitoring discussions on dark web forums. A small dump of files from the hack includes contracts, non-disclosure agreements, private correspondence, names, and email addresses.
REvil is well known among security researchers who monitor ransomware attacks. The group previously targeted a UK company called Travelex, which paid $2.3 million to the hackers to recover its data.
It’s unclear if Grubman Shire Meiselas & Sacks will pay the BTC ransom the hackers are asking for. The law firm has not revealed the sum the hackers are demanding in the attack.
That is, assuming this is a monetary ransom. In this type of attack, hackers typically ask the victim to pay a large amount of money in Bitcoin. If the victim refuses, the hacker threatens to release the information publicly. Given this treasure trove of data includes non-disclosure agreements, that could be bad for everyone involved. We’ll keep you updated as the story progresses.
Ummmm… $2.3 billion or million??
This is just the start. Law firms are notorious for having very poor data security. With all the money they make, it’s time for them to get it together and invest in their infrastructure.
True. And most haven’t a clue about data privacy laws and breach notification laws. That is something Urkle handles while they are at court listening to the sounds of their own voices.
If someone inside the firm leaked this out, they’re a fucking idiot. You just created a honey pot for attacks. Maybe just killed the entire firm.