DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Multi-millions: Sodinokibi attackers demand $42 million of celebrity law firm, threaten to publish dirt they claim to have on President Trump

Posted on May 14, 2020 by Dissent

I honestly cannot think of a more ironic name for a blog than the Sodinokibi (REvil) ransomware operators calling their website “Happy Blog.”

Reading their updates today, they certainly didn’t seem happy, especially with Coveware, a firm that has assisted numerous ransomware victims. The firm’s services include helping negotiate ransom amounts and payment.

But something seems to have gone wrong from REvil’s perspective. For reasons that are not clear from the communications they published, after reaching an agreement with Sherwood Food & Harvest Distributors, something must have fallen apart, and the threat actors blame Coveware for that. Later in the day, they added more to their site about the situation:

We worked closely with coveware on many data recovery cases. But something went wrong yesterday. A case with Sherwood Food & Harvest Distributors was agreed for $7,500,000
At the very last moment, when we had already agreed on everything and were waiting for payment, coveware wrote that the client refused. We do not know how true this is, but the result in such cases is always the same:
1. The initial price of the contract is currently not valid and will be increased by the timer x2, as expected;
2. The data will be published every week in parts. It is inevitable and systematic. Up to the payment of the ransom up to a cent.

They then dumped some data as the first part of sticking to their plan.

The Sherwood negotiations weren’t the only negotiations Coveware was involved in this week with this group. They were also representing the media law firm that represents Lady GaGa, Elton John, Facebook, and other celebrities and huge entities. REvil writes:

Next. The hottest news, which we associate with GRUBMAN SHIRE MEISELAS & SACKS. Our demand was only 21.000.000$. The work was also done with the above mentioned coveware. After 10 days, we asked how much money had been collected from the amount. The answer was 365k. Of course, we realized that people are not determined to solve the problem. Correspondingly, our tactics the same:

  1. The initial price of the contract is currently not valid and will be increased by the timer x2, as expected;
  2. The data will be published every week in parts. It is inevitable and systematic. Up to the payment of the ransom up to a cent.

As proof of their intention, they dumped data alleged to be from Lady GaGa’s files.

And consistent with their policies, they have doubled the ransom demand to $42 million.

“Grubman,” they wrote, “we will destroy your company to the ground if we don’t see the money. Read the story of Travelex, it’s very instructive. You repeating their scenario one to one.”

But something else they wrote before that is sure to garner even more attention. They appear to be attempting to extort the President of the United States.

The next person we’ll be publishing is Donald Trump. There’s an election race going on, and we found a ton of dirty laundry on time. Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. Well, let’s leave out the details. The deadline is one week.

There is a bit more to their press release, but they include this:

War to victory, only this way.

We’re staying tuned. DataBreaches.net has no idea what kind of claims they will be making about the President and whether they will be true or false. I have no doubt that many will declare them fake news, but either way, this certainly seems like election interference in the making.

Update: This post was edited post-publication to clarify the order the order of statements in REvil’s press release. Their statements about Trump were before their warning to Grubman that they would destroy their firm and the “poke a sharp stick at the guys” appeared to be in reference to Trump urging Grubman to pay their demands.

Category: Business SectorGovernment SectorMalwareOf NoteU.S.

Post navigation

← Wright County notifies residents of 2019 email hack; COVID-19 response somewhat delayed notification
Hackers preparing to launch ransomware attacks against hospitals arrested in Romania →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • International cybercrime tackled: Amsterdam police and FBI dismantle proxy service Anyproxy
  • Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
  • N.W.T.’s medical record system under the microscope after 2 reported cases of snooping
  • Department of Justice says Berkeley Research Group data breach may have exposed information on diocesan sex abuse survivors
  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • FTC dismisses privacy concerns in Google breakup
  • ARC sells airline ticket records to ICE and others
  • Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report