Thursday, 25 June 2020 07:16

Ransomware gang offers celebrity data from New York legal firm for auction

Attackers who used the REvil ransomware, which attacks Windows systems, to hit the New York-based entertainment and media lawyers Grubman Shire Meiselas & Sacks have threatened to sell data on celebrities like singer Nicki Minaj, basketball star LeBron James and singer Mariah Carey through an auction process on 1 July.

The starting bid that the cyber criminals are asking for each set of data is US$600,000. But prior to any auction, the attackers say, on the dark Web, that they are willing to return all the data to the legal firm if they are paid US$42 million.

The group says data on companies Bad Boy Entertainment Holdings, Universal and MTV will also be sold at auction on 3 July. The starting price for these data lots differs, with the minimum bid for the Bad Boy data being US$750,000 while for the other two firms it is a million US dollars each.

There have been reports that sub-domains of the main Grubman Shire Meiselas & Sacks domain are using an unpatched version of the Pulse Secure VPN server.

Brett Callow, a ransomware researcher with New Zealand-headquartered security firm Emsisoft, said attackers who used REvil were known to use vulnerable Pulse Secure VPN servers to gain a foothold in a network and then bide their time before launching a ransomware attack.

As iTWire reported on 8 May, the legal firm Grubman Shire Meiselas & Sacks has a huge number of high-profile clients, including Maroon 5, Robert De Niro, Elton John, Barbra Streisand, John Mellencamp, Rod Stewart, Ricky Martin, Shania Twain, KISS, The Weeknd, Lil Wayne, and David Letterman.

Among the companies it represents are Facebook, Activision, iHeartMedia, IMAX, Sony, Last Week Tonight with John Oliver, MTV, NBA Entertainment, New York Magazine, Tribeca Film Festival, The Spider-Man Partnership, HBO, Vice Media and Samsung Electronics.

Top-flight athletes like James, Carmelo Anthony, Sloane Stephens, Colin Kaepernick and Scottie Pippen are also on the company's client list.

The company has removed all pages from its website, apart from a landing page with its name. But it never had any media contact address even when iTWire looked for one on 8 May.

Callow told iTWire: "Incidents such as this are happening more and more frequently, and are very often the result of companies' failure to adhere to very well established security best practice such as prompt patching, using MFA (multi-factor authentication) everywhere it can be used, locking down RDP (remote desktop protocol), and so on."

He said any company that did not take these steps was likely to find itself in the exact same situation as Grubman Shire, adding that there was no easy way out of such a situation.

"Refuse to pay off the criminals and the pilfered data will be published, auctioned and/or used to attack the company's customers and business partners," said Callow.

"Pay off the criminals and – well, the exact same things still happen. Companies only have the word of a bad faith actor that the data will be destroyed."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


