The hackers who stole confidential files about stars including Lady Gaga, U2, and Bruce Springsteen from a top entertainment law firm claim to have sold information on Donald Trump to a secret buyer, and now say they’re demanding at least $1 million for details on Madonna.
The REvil ransomware group, which is said to have successfully extorted $2 million out of the Travelex currency exchange service earlier this year after crippling its computer network, accessed the systems of Grubman Shire Meiselas & Sacks Law, stealing and encrypting vast amounts of data.
After the firm said it would not negotiate with the hackers, citing FBI guidance, the hackers said they would sell the data instead.
They now claim to have agreed to a sale of information about Trump.
In a post on a hacker forum, cited by industry blog Bleeping Computer, the hackers said they have been contacted by individuals who want to “buy all the data about the U.S. president” and that they are “content” with the proposal. They promised to delete their copy of the data, making the buyer the only one who has it.
Bleeping Computer says it was told by “numerous sources who have reviewed the leaked data that it was harmless and did not contain anything damaging to President Trump.”
Last week, the hackers said they had “a ton of dirty laundry” on Trump; industry blogs are by and large skeptical of the claim.
The hackers also reportedly published on the dark web a 2.4-gigabyte folder containing legal work the law firm did for Lady Gaga. While hugely confidential, the files appeared to be mostly standard music-industry documents.
The failure of the Gaga or Trump documents to spark headlines has not deterred the hackers’ ambitions. They now say they are going to auction their Madonna material on May 25, with a starting price of $1 million.
In a previous statement, the law firm called REvil “foreign cyberterrorists” and said: “We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law.”
REvil, also known as Sodin and Sodinokibi, is thought to be a highly profitable ransomware-as-a-business operation. It initially demanded $21 million to decrypt the Grubman files; when this was not paid, it doubled the demand.
A spokesperson for the FBI told Bleeping Computer: “The FBI encourages victims to not pay a hacker’s extortion demands. The payment of extortion demands encourages continued criminal activity, leads to other victimizations, and can be used to facilitate additional serious crimes. Furthermore, paying a ransom does not guarantee the victim will regain access to their data.”
Industry sites such as Teiss said the hackers claimed on dark-web forums to have accessed 756GB of information on many clients, past and present, including Nicki Minaj, Christina Aguilera, Idina Menzel, and Run DMC.
The data stolen by the hackers allegedly includes contracts, nondisclosure agreements, phone numbers, email addresses, and private correspondence.
The REvil group posted an excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation as proof that it was inside the law firm’s network.