Hackers who broke into the networks of a celebrity law firm have doubled their ransom demand to $42 million and threatened to reveal “dirty laundry” on Donald Trump in a week if they are not paid in full.
On Thursday, the hackers who breached Grubman, Shire, Meiselas & Sacks posted a new message, saying, “The ransom is now $42,000,000… The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry.”
They added, “Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president… The deadline is one week.
“Grubman, we will destroy your company down to the ground if we don’t see the money.”
It is not clear why the hackers connected Trump to the firm as he has never been a client, Page Six says.
Page Six reports that the firm’s founder, Allen Grubman, is refusing to negotiate, with a source saying: “His view is, if he paid, the hackers might release the documents anyway. Plus, the FBI has stated this hack is considered an act of international terrorism, and we don’t negotiate with terrorists.”
Grubman is the father of the publicist Lizzie Grubman, who was famously jailed in 2001 after backing her SUV into a line of people waiting to gain entry to a Hamptons nightclub, injuring more than a dozen.
He has stars including Lady Gaga, Madonna, Mariah Carey, U2, Bruce Springsteen, Priyanka Chopra, and Bette Midler on his books.
The hackers earlier this week posted screengrabs of a Madonna contract in an attempt to prove their threats were credible.
The same group, known as REvil, successfully extorted $2 million from currency swap firm Travelex, it has been reported.
The firm said in a statement to Page Six, “Our elections, our government, and our personal information are under escalating attacks by foreign cybercriminals. Law firms are not immune from this malicious activity.
“Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom. We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.
“The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others.”
Industry sites such as Teiss said the hackers, calling themselves REvil, claimed on dark-web forums to have accessed 756GB of information on many clients, past and present, including Nicki Minaj, Christina Aguilera, Idina Menzel, and Run DMC.
The data stolen by the hackers allegedly includes contracts, nondisclosure agreements, phone numbers, email addresses, and private correspondence.
The REvil group posted an excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation as proof that it was inside the law firm’s systems.
The hackers are seeking a ransom, using two threats as leverage: releasing the stolen data and not restoring locked backups.
REvil is thought to be the same group of hackers that successfully extorted Travelex, the U.K.-based currency-exchange company, out of a $2.3 million bitcoin ransom, as The Wall Street Journal reported. REvil boasted to the Bleeping Computer blog that it used “Sodinokibi” ransomware to successfully lock Travelex’s entire network.
It initially demanded $6 million (£4.6m) to return the encrypted files but, according to the Journal, finally settled for $2.3 million paid in bitcoin. The attack forced Travelex to shut down operations at 1,500 outlets around the world.
Bleeping Computer says that the hackers have also provided snippets from a 2013 legal agreement signed by Aguilera and an artist featured in one of her music projects. The blog has also published file lists showing the names of dozens of celebrities whose information may now be compromised.