In a blog post Thursday on the dark web viewed by Variety, the hacker collective that is holding thousands of the law firm’s documents hostage — allegedly including private info on Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, and Mariah Carey — said they were increasing their demands for payment to $42 million. That’s double their initial $21 million ask. The group is threatening to publicly release more data if they’re not paid within a week.
The law firm, through a rep, said it is not negotiating with the hackers. The FBI is actively conducting a criminal investigation into the data breach and ransomware demands.
On Thursday, the hackers behind the attack shared 2.4 gigabytes of documents relating to Lady Gaga, including contracts and nondisclosure agreements.
Trump will be the next subject of a data dump, the unidentified ransomware attackers claimed. “The next person we’ll be publishing is Donald Trump,” the blog post said. “There’s an election race going on, and we found a ton of dirty laundry on time.” The hackers added, “And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. Well, let’s leave out the details. The deadline is one week.”
Variety has reached out to the White House for comment.
It isn’t clear what info the hackers might have on Trump or how it pertains to Grubman Shire Meiselas & Sacks, which has never represented Donald Trump or the Trump Organization in any legal matter. The attackers might simply be bluffing; alternatively, they may have obtained material on Trump from some other source.
In a statement provided to Variety through a rep, Grubman Shire Meiselas & Sacks said, “Our elections, our government and our personal information are under escalating attacks by foreign cybercriminals. Law firms are not immune from this malicious activity. Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom. We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.”
The statement continued, “The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others.” According to the firm, other organizations and companies including HBO, Goldman Sachs and the Department of Defense have been victims of similar cyberattacks.
So far, according to the hackers’ post, they have received payment of $365,000 in connection with the documents stolen from the New York-based law firm. The group complained that they didn’t get the sum they first demanded, “So, the ransom is now $42,000,000. They have that’s [sic] the kind of money. And even more.”
However, a rep for the law firm said it was categorically false that any payments have been made to the cybercriminals.
“We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law,” Grubman Shire Meiselas & Sacks said in the statement. “Even when enormous ransoms have been paid, the criminals often leak the documents anyway.”
Grubman Shire Meiselas & Sacks this week confirmed its computer systems were hacked, an incident that allegedly resulted in the theft of 756 gigabytes of private documents and correspondence. “We are grateful to our clients for their overwhelming support and for recognizing that nobody is safe from cyberterrorism today,” the firm said in its statement.
News of the hack surfaced last week. The attack on the law firm — whose client list spans music artists, actors and TV personalities, sports stars, and media and entertainment companies — was carried out by a group called “REvil,” also known as “Sodinokibi,” according to New Zealand-based cybersecurity firm Emsisoft.
The REvil group has previously staged ransomware attacks on entities including Travelex, the U.K.-based currency-exchange company, which paid $2.3 million in bitcoin to hackers, the Wall Street Journal reported.
According to Emsisoft, a previous data dump by REvil included a letter from Donald Trump, stolen in an attack on management consulting company Brooks International — but that correspondence, dated Feb. 8, 2018, was simply an invitation sent to the firm’s CEO, Luigi Damasceno, to a fundraiser at Trump’s Mar-a-Lago compound.
Updated 5/15, 2:20 p.m. PT to include statements from Grubman Shire Meiselas & Sacks.