Grubman Shire Meiselas & Sacks, a New York-based law
firm use by numerous celebrities, was hit with REvil ransomware, and the
attackers also stole vast amounts of data, including artists’ contracts.
Many ransomware attacks target specific industries and
organization types, and law firms are not exempt. It turns out that they are
actually a prime draw for attackers, as shown y the latest incident shows.
Lots of well-known artist use the law firm’s services,
including Madonna, Mary J. Blige, Mariah Carey, HBO’s “Last Week Tonight With
John Oliver,” and others. According to a Variety report,
even Facebook is among the affected companies.
A ransomware attack means systems belonging to the law
firm were locked and the data encrypted. In this case, the ransomware is REvil,
also known as Sodinokibi. And, while encryption is bad enough, it turns out
that the attackers also stole 756GB of data.
Criminal ransomware groups have started to change tactics
as many companies take more precautions, such as insurance and backup systems.
After stealing data, the attackers threaten to release it publicly or sell it
on the dark web. Either way, it’s used as more leverage against the victim
because the backup might not be enough.
“We can confirm that we’ve been victimized by a
cyberattack,” said the firm to Variety. “We have notified our clients and our
staff. We have hired the world’s experts who specialize in this area, and we
are working around the clock to address these matters.”
Law enforcement agencies and cybersecurity experts always
advise against paying ransom, but it remains to be seen how this standoff will end.
One of the more prolific attacks involving REvil took
place on 31 December 2019 against Travelex, a foreign exchange firm.
Reportedly, the company eventually paid
$2.3 million dollars to regain access to their systems.