Grubman Shire Meiselas & Sacks, a New York-based law firm use by numerous celebrities, was hit with REvil ransomware, and the attackers also stole vast amounts of data, including artists’ contracts.
Many ransomware attacks target specific industries and organization types, and law firms are not exempt. It turns out that they are actually a prime draw for attackers, as shown y the latest incident shows.
Lots of well-known artist use the law firm’s services, including Madonna, Mary J. Blige, Mariah Carey, HBO’s “Last Week Tonight With John Oliver,” and others. According to a Variety report, even Facebook is among the affected companies.
A ransomware attack means systems belonging to the law firm were locked and the data encrypted. In this case, the ransomware is REvil, also known as Sodinokibi. And, while encryption is bad enough, it turns out that the attackers also stole 756GB of data.
Criminal ransomware groups have started to change tactics as many companies take more precautions, such as insurance and backup systems. After stealing data, the attackers threaten to release it publicly or sell it on the dark web. Either way, it’s used as more leverage against the victim because the backup might not be enough.
“We can confirm that we’ve been victimized by a cyberattack,” said the firm to Variety. “We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”
Law enforcement agencies and cybersecurity experts always advise against paying ransom, but it remains to be seen how this standoff will end.
One of the more prolific attacks involving REvil took place on 31 December 2019 against Travelex, a foreign exchange firm. Reportedly, the company eventually paid $2.3 million dollars to regain access to their systems.