Hackers Threaten to Auction Legal Documents Involving Mariah Carey, Nicki Minaj, MTV, More

Cybercrime hacking ransomware
AP Photo/Damian Dovarganes

In the latest twist in the data hack involving top entertainment law firm Grubman Shire Meiselas & Sacks, the party purportedly responsible for the hack, which calls itself REvil, has threatened to auction off a vast amount of sensitive documents from some of the firm’s top clients. It laid out a schedule beginning on July 1, with docs from Mariah Carey, Nicki Minaj and Lebron James, followed two days later by Bad Boy Records, MTV and Universal, and then an unspecified one on July 5.

The first three bids start at $600,000; Bad Boy is $750,000 and the latter two $1 million.

The note, written in almost comically broken English, reads in part, “We have so many value files, and the lucky ones who buy these data will be satisfied for a very long time. Show business is not concerts and love of fans only — also it is big money and social manipulation, mud lurking behind the scenes and sexual scandals, drugs and treachery.”

It claims, “Each lot includes full information downloaded from the office, namely – contracts, agreements, NDA, confidential information, court conflicts [and] internal correspondence with the firm.”

The note concludes with a message to law firm founder Allen Grubman, presumably referencing an earlier $42 million ransom request: “Mr. Grubman, you have a chance to stop that, and you know what to do.” Grubman has said that he will not negotiate with the hackers, equating it to negotiating with terrorists.

In a statement, a spokesperson for Grubman Shire Meiselas & Sacks said, “The most recent post is yet another desperate nuisance tactic these criminals are using to try to squeeze out a profit from stolen data. Our clients and the entertainment industry as a whole have overwhelmingly applauded the firm’s position that we will not give into extortion.”

News of the hack surfaced last month, with the group claiming it stole a whopping 756 gigabytes of documents on multiple music and entertainment figures. Those include clients past and present, among them: Lady Gaga, Madonna, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC, the hackers claimed.

The data stolen by the hackers allegedly includes contracts, nondisclosure agreements, phone numbers and email addresses, and private correspondence, the group claimed in a post on a dark web forum. To show the hack was real, the group behind the attack initially released an excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation.

It was a specific kind of ransomware attack, in which cybercriminals use the threat of releasing the stolen data as leverage to extort payment.

The attack on the law firm — whose clients span music artists, actors and TV personalities, sports stars, and media and entertainment companies — was carried out by a group called “REvil,” also known as “Sodinokibi,” according to cybersecurity firm Emsisoft. The group has previously targeted companies and organizations including Travelex, the U.K.-based currency-exchange company, which paid $2.3 million in bitcoin to hackers after a ransomware attack, the Wall Street Journal reported.