A group of hackers is threatening to leak legal documents from a law firm used by some of the world’s biggest celebrities.
The first leak of data came last week, but the law firm Grubman Shire Meiselas & Sacks has now confirmed that it was the victim of a security breach.
Criminals claim they are holding data on some of the firm’s A-list clients, including Robert De Niro, Madonna, Drake, Nicki Minaj and Mariah Carey.
One alleged legal document, a Madonna tour contract, has already been released, and the criminals are using it to pressure the law firm to pay up.
In a statement, the firm said: “We can confirm that we’ve been victimised by a cyber attack. We have notified our clients and our staff.
“We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”
The criminal organisation, called Sodinokibi/REvil, has been known to use ransomware to lock victims’ computers before demanding payment to make them usable again.
The group is also believed to have targeted UK-based exchange firm Travelex earlier this year, forcing staff to resort to using pen and paper to record transactions.
The criminals claim they have stolen 756GB of legal documentation from the law firm and will release it in batches in order to extract the ransom.
Sodinokibi/REvil maintains a website which lists numerous victims of its attacks who have not paid the ransom, and whose documents the group is leaking.
Lady Gaga, Bette Midler, Bruce Springsteen and Outkast are also among the clients whose legal documents the hackers claim to possess.
Grubman Shire Meiselas & Sacks described itself as “universally recognised as one of the premier entertainment and media law firms in the country” on its website before the site was taken down.
This form of criminal enterprise is becoming increasingly common.
Last week, Sky News reported on a Sri Lankan clothing manufacturer that produces lingerie for brands including Beyonce’s Ivy Park, Nike, and Victoria’s Secret being targeted by cyber extortionists.
In the UK, the National Cyber Security Centre and the National Crime Agency recommend that victims don’t pay the ransom as there is no guarantee they will recover access to their devices or that the data will be deleted.
However, it is in many criminal organisations’ interest to be seen to follow through on their promise once a ransom is paid, as it encourages future victims to pay up.
“Ransomware attacks have become data breaches. This is an insidious development and bad news for companies – and especially those which, like law firms, hold sensitive data,” Brett Callow, a security researcher at firm Emsisoft, told Sky News.
“It’s also bad news for the clients and business partners of those companies as their data is usually exposed in these incidents, leaving them at risk of impersonation, identity theft and other forms of fraud.
“Additionally, it’s also possible that the people whose information is exposed will be contacted directly by the threat actors and subject to extortion attempts,” he added.
“For example, after a plastic surgeon’s data was stolen, his patients were threatened with the release of their before-and-after photos.”