Ransomware attack puts Priyanka Chopra, Lady Gaga, Madonna and other celebrities’ data at risk — and REvil hackers are known to follow through on their threats

• US-based Grubman Shire Meiselas & Sacks, which manages celebrities like Priyanka Chopra, Drake, Madonna and many others, has been the victim of a REvil ransomware attack.
• The law firm has confirmed the breach and cybersecurity firm Emisoft claims the hackers posted evidence of data theft on the dark web.
• Cybersecurity experts told Business Insider that ransomware attacks are now a ‘double-barrelled weapon’ and having mitigation policies in place is the only way to prevent them.

After reports of a ransomware attack on leading IT company Cognizant, hackers have now breached the US-based Grubman Shire Meiselas & Sacks law firm. It manages cases for several prominent celebrities — including Priyanka Chopra, Lady Gaga, Drake, Madonna, Jessica Simpson, Bruce Springsteen and several others.

“REVil, also known as Sodin or Sodinokibi, isn’t just operating on the old-school ransomware model of ‘scramble your files and offer to sell you back the decryption key’. The latest trend in ransomware attacks is to use a double-barrelled weapon that gives victims two reasons to pay up,” said Paul Ducklin, the Principal Research Scientist at Sophos.

In March, operators of REvil ransomware published over 12 GB of data that allegedly belongs to one of its victims – Brooks International – after they refused to pay the ransom. “You need to hand it over to the experts for a forensic investigation. They will be able to determine what is jeopardized, what is not erased. They will take over potentially communicating with the attackers after they understand the depth of the attack,” Cyberproof President Yuval Wollman, the former Director General of the Israeli Intelligence Ministry— who has been working with customers who were affected, can potentially be targets of ransomware — told Business Insider.

Emisoft told Variety that the evidence of the 756-gigabyte (GB) data theft was posted via a forum on the dark web. The treasure trove of information including contracts, nondisclosure agreements, phone numbers, email addresses and personal correspondence. “Today we see attackers taking advantage of the new normality,” said Wollman.

Digital blackmail — to pay or not to pay?
The basis of the ransomware attack is not unlike conventional blackmail, except that its online. The hackers steal information that can then be used to extort the victims for compensation, normally monetary in the form of bitcoins.

The question then is whether or not the victims should pay up since all they have to go on is a pinky promise from a thief that they won’t release the data even after payment is made. “My recommendation would be, do not communicate directly with the hacker. This is exactly why you have security teams, whether it’s an in-house team or a combination of the IT security team in collaboration with an external partner,” said Wollman.

The cybercriminals behind the REvil ransomware attack are threatening to release the data stolen from Grubman Shire Meiselas & Sacks in nine instalments. “The crooks quietly upload huge troves of so-called ‘trophy data’ that they use to blackmail anyone who is hesitant to pay up,” said Ducklin.

“In other words, the financial extortion is no longer just a “kidnap ransom” to get your files back, but also a blackmail demand to stop the crooks leaking your data – or, worse still, your customers’ data – to the world,” he explained.

Prevention is better than the cure
Right now, Grubman Shire Meiselas & Sacks website is nothing more than their logo. Even though the law firm has confirmed the hack, they are yet to disclose how much of their data has been lost for good. While backing up data is a good mitigation strategy, it’s not full-proof, according to Wollman.

“Ransomware attacks that steal masses of data first, and where the crooks carefully learn their way around your network, very often leave telltale signs that someone is hanging around where they shouldn’t,” said Ducklin.

“Crooks who pull off all-your-network-at-once attacks can afford to spend time probing for any existing holes they know about. Make it harder for them by patching known bugs as soon as you can,” he explained.

In the case of Cognizant, the ransomware attack was initiated by Maze — another cybercrime gang — using a phishing email, according to Wollman. The source of the ransomware attack on Grubman Shire Meiselas & Sacks is still unknown.

The issue with such attacks is that it’s not only the firm or the company that’s put at risk but also its customers. The information that’s stolen can lead to identity theft, impersonation and a number of other fraudulent activities. They serve as important reminders for companies to stay on their toes and not take cybersecurity lightly.

SEE ALSO:
Experts explain the legal and moral pitfalls in Aarogya Setu app ⁠— despite the government’s insistence that a protocol has been put in place

Twitter just told employees they can work from home permanently

Ellen DeGeneres reportedly once called Steve Jobs to complain about her iPhone: 'She just lives in an incredibly privileged bubble'