The firm has been threatened with the release of confidential information on its many celebrity clients
Big-name entertainment and media law firm Grubman Shire Meiselas & Sacks has been held up in a massive hack attack that threatens the confidentiality of its clients.
The New York firm, which counts Madonna, Elton John, Lady Gaga, Andrea Lloyd Webber and LeBron James among its star-studded clientele, was hit in a ransomware attack by a hacker group going by the names “REvil” and “Sodinokibi,” according to BBC News. The group claimed it possesses 756gb worth of data from the firm—including celebrities’ contracts and personal correspondence.
To substantiate the claim, the hackers posted a screenshot of what is allegedly part of Madonna’s contract with Live Nation for her 2019-2020 “Madame X” tour on the dark web, according to ransomware specialist cybersecurity company Emsisoft.
Grubman Shire Meiselas & Sacks confirmed the hacking in a press release, and has since neutralised its website.
“We can confirm that we've been victimised by a cyber-attack. We have notified our clients and our staff. We have hired the world's experts who specialise in this area, and we are working around the clock to address these matters,” the firm said.
According to Emsisoft, Grubman Shire Meiselas & Sacks has been put in a very difficult position.
“Companies in this position have no good options available to them. Non-payment of the demand will result in the information being published; payment will simply get them a pinky promise from criminals that the stolen data will be deleted,” said Emsisoft threat analyst Brett Callow in a statement to BBC News.
REvil/Sodinokibi victimised UK-based foreign exchange company Travelex with ransomware in January, and received over $2m in bitcoin currency. The group has threatened Facebook as well.
“These incidents are becoming increasingly commonplace and increasingly concerning. And incidents involving law firms are even more concerning due to the sensitivity of the data they hold,” Callow said.