Celebrity law firm, Grubman Shire Meiselas & Sacks computer system was compromised, and celebrities’ legal documents were stolen. The hackers threatened to leak the content of the legal documents to the public, if the $21 million ransom is not paid.
The cyber criminals took around 756 gigabytes of confidential materials belonging to pop star Lady Gaga as well as artists like Madonna, Drake, Elton John, Bruce Springsteen, Nicki Minaj and Lizzo. These documents consist of legal documentations, promotional materials and confidentiality agreements, claimed by the Rolling Stone.
The hackers used the files as ransom and demanded $21 million but the law firm refused to pay it. In return, the hackers leaked some of the files. “It seems that GRUBMANS doesn’t care about their clients or it was a mistake to hire a recovery company to help in the negotiations,” they wrote. The hackers then increased the ransom to $42 million. Per the reports in Rolling Stone, the firm has no intention in meeting their demands. A law firm spokesperson quoted saying, “We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.”
“The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyber-terrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others. We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law. Even when enormous ransoms have been paid, the criminals often leak the documents anyway.”
The hackers are going further and even threatening to disclose information related to President Donald Trump, even though a source says, Grubman never worked directly with the President, as reported by Rolling Stones. Grubman Shire Meiselas & Sacks The law firm stated that it had informed all its clients of the breach.
These types of breaches can be avoided by enabling security measures like two or multi-factor authentication and as well as cyber security staff training in recognizing phishing attempts. All it takes is an untrained employee clicking on a phishing email bait and the company’s confidential files are exposed.