Hackers have attacked the prominent New York law firm Grubman Shire Meiselas & Sacks and deployed ransomware on its network, rendering a large amount of its digital data inaccessible. They are demanding an astronomical ransom of $42 million to restore access.
The information, first reported in the American press, was confirmed by the firm on Monday, May 11. "We are victims of a cyber attack. We have notified our clients and our staff. We are working non-stop to solve the problem," a spokesperson said in a statement. According to the New York Post, the FBI is investigating.
If the ransom is not paid, the hackers also threaten to publish online some of the documents they stole, a haul that could amount to several hundred gigabytes of data.
A heavyweight in the entertainment and media world
A law firm by its very nature holds highly confidential documents: legal agreements, contracts, negotiations. And Grubman Shire Meiselas & Sacks is not just any law firm: a leak of its clients' confidential data could have major repercussions. Its client list reads, depending on taste, like the bill for an all-star concert (AC/DC, Bruce Springsteen, Elton John, Lady Gaga, Drake, U2, Usher), the cast of a film (Spike Lee, Kate Upton, Robert De Niro, Naomi Campbell) or a star-studded sports roster (LeBron James, Colin Kaepernick, Cam Newton, Mike Tyson). The firm's corporate clients include Activision, HBO, MTV, Samsung, Universal, Sony and Facebook.
The hackers have already begun publishing a very small portion of the documents, to prove they are serious and to increase the pressure on their victim. These publications appeared on their own website and on the Mega file-hosting platform, according to a screenshot sent to Le Monde by a source at a cybersecurity company. The exact date of the intrusion remains unknown, but the firm's website was modified between May 8 and 10 so that the names of clients and staff no longer appear, according to archived copies of the site.
"Foreign cyber terrorists"
In a second statement, sent to the New York Post on Thursday, May 14, the firm describes its attackers as "foreign cyber terrorists" who attacked it "despite [its] significant security investments" and are now demanding "a ransom of $42 million". It calls the leak of its clients' confidential documents "abject" and does not appear ready to negotiate: "We have been told by our experts and the FBI that negotiating or paying a ransom to terrorists is a criminal offense. And even when huge sums are paid, they still publish the documents," the statement continues.
"In this situation, companies have no good solution. Even if they pay the ransom, there is no guarantee that the criminals will destroy the data, especially if it is of great value. The data can be sold or traded," says Brett Callow, an analyst at the cybersecurity company Emsisoft.
"The criminals' intention in this kind of case is simply to make money, not to publish the data. If they end up doing so, it means they have lost. They do it as a warning to their next victims," Mr. Callow continues.
Ransomware designed by experts
According to several sources, the ransomware deployed on the law firm's network is REvil (also known as Sodinokibi). This strain is believed to come from developers who are experts in the field: the operators of GandCrab, who claimed to have extracted two billion dollars from their many victims between January 2018 and May 2019.
REvil was first observed in the spring of 2019 and infects its victims in several ways: through the providers that host their websites or IT tools, by compromising software download sites, and through malicious e-mails. Last year it struck the British foreign-exchange company Travelex, which reportedly agreed to pay more than $2 million in ransom.
At this stage it is difficult to say anything about who is behind the attack on Grubman Shire, since the same ransomware can be used by several criminal groups: REvil is rented out to affiliates who carry out the intrusions themselves.
In any case, the attack confirms a trend among some ransomware operators: not content with encrypting valuable files and demanding a ransom, they increase the pressure by threatening to publish stolen documents. The French group Bouygues fell victim in February to another gang whose extortion methods seem to be becoming the standard.