The cyber gangsters who recently infected the IT systems of the New York law firm Grubman Shire Meiselas & Sacks with their ransomware REvil / Sodinokibi and copied 750 GB of data belonging to prominent clients have raised their demands. As the law firm confirmed to various media, they no longer want "only" $21 million, but instead $42 million.
According to an article by Page Six magazine, the gang has added another means of pressure to its original one, namely sensitive data from prominent law firm clients such as contracts, confidentiality agreements, telephone numbers, email addresses and correspondence. It is now allegedly threatening to release compromising information ("dirty laundry") about US President Donald Trump.
The deadline within which payment should be made is one week – otherwise things would come to light that could endanger Trump's re-election. Page Six quotes the extortionists as saying: "And to you voters, we can let you know that after such a publication, you certainly don't want to see him as president".
What kind of "dirty laundry" it is, however, is unclear – especially since, according to available information, Trump was not a client of Grubman Shire Meiselas & Sacks, either as a private person or as part of his presidency. Heise online reported yesterday on the ransomware attack on the law firm.
Law firm apparently does not want to pay ransom
The Page Six article relies on an anonymous source, according to which lawyer Grubman refuses to pay the requested amount. In his view, a ransom payment does not (inevitably) prevent the gang from publishing the copied documents anyway. Furthermore, the hack is seen by the FBI as an act of international terrorism – and the law firm does not negotiate with terrorists.
Meanwhile, an employee of Emsisoft, who had previously observed the first publications of copied law firm files on the darknet, reported that the REvil gang was leaking further information step by step, in line with its threat. According to an article by Computer Weekly, the gang uploaded 2.4 GB of confidential documents from pop singer Lady Gaga to a file sharing service and then, in turn, shared the link on the darknet.
The data disappeared from the file sharing platform very quickly; the researcher suspects that the law firm intervened with the platform's operators. However, the criminals were probably less concerned with the (permanent) availability of the documents anyway than with building up pressure.