It’s not every day that I go to Variety for my daily blog post (in fact, it’s never happened before). But, this is a cybersecurity story that crosses over into the entertainment world. Here’s a large media and entertainment law firm that appears to have been the victim of a cyberattack – to the tune of about three quarters of a terabyte of data regarding its high profile clients.
As covered in Variety (Law Firm Representing Lady Gaga, Madonna, Bruce Springsteen, Others Suffers Major Data Breach, written by Todd Spangler and Shirley Halperin), the trove of data allegedly stolen from New York-based firm Grubman Shire Meiselas & Sacks by hackers — a total of 756 gigabytes — includes contracts, nondisclosure agreements, phone numbers and email addresses, and “personal correspondence,” according to an image of the hackers’ post provided to Variety by Emsisoft, a cybersecurity software and consulting company specializing in ransomware. BTW, as of this writing, the firm’s web site remains offline.
The documents purportedly include information about multiple music and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO’s “Last Week Tonight With John Oliver,” and Run DMC. Facebook also is on the hackers’ hit list.
In the type of ransomware attack evidently carried out against the legal firm, cybercriminals use the threat of releasing the stolen data as leverage to extort payment. According to Emsisoft, the hackers posted evidence of the data theft via a forum on the dark web, which lets users engage in secret transactions and hide their identities using encryption. It isn’t known how much the hacker group responsible for the attack may be demanding from the law firm in exchange for not releasing the material publicly and/or on the dark web.
The info the hackers have released so far “is simply a warning shot,” Emsisoft threat analyst Brett Callow told Variety. “It’s the equivalent of a kidnapper sending a pinky finger.” The implicit threat is that if the firm doesn’t pay the cybercriminals, the group will publish whatever other data they managed to steal, probably in installments, he added.
The ransomware attack on the firm was perpetrated by a group called “REvil,” also known as “Sodinokibi,” which has previously targeted Travelex, Brooks International and other organizations, according to Callow. Travelex, the U.K.-based currency-exchange company, paid $2.3 million in bitcoin to hackers that had infected its network with viruses, the Wall Street Journal reported last month.
The client list for the firm reads like a “who’s who” of the entertainment world. According to a study by Emsisoft, in 2019 at least 966 healthcare providers, government agencies, and educational institutions in the U.S. were targeted by ransomware attacks at a potential cost of more than $7.5 billion. The company says that as the COVID-19 crisis worsened in the first quarter of 2020, the number of successful ransomware hacks dropped considerably, to 89 cases identified in the period.
Well, there’s at least that bit of somewhat good news. Nonetheless, chalk this up as yet another example that shows that any company or firm, large or small, can be vulnerable to cyberattacks. And, the stakes are only getting higher.
So, what do you think? Can these ransomware hackers be stopped? Please share any comments you might have or if you’d like to know more about a particular topic.