The Sodinokibi/REvil ransomware team that attacked the entertainment law firm of Grubman Shire Meiselas & Sacks have certainly gotten media attention for this attack. In their first notice of the attack, they listed some of the celebrity clients, showed screenshots of some directory of files, and provided snippets from some celebrity-related files.
But then negotiations apparently fell apart and the attackers issued a press release saying that they were doubling the ransom demand to make it $42 million, and that they would begin dumping data. They dumped some files from Lady GaGa but also introduced a new threat — that they would dump dirt on President Trump.
When the media posted articles citing sources that said that Trump was never a client of the law firm and that the law firm had no intention of paying any ransom to “cyberterrorists,” the attackers issued a second press release, providing some “harmless” files that referenced Trump, and warning the firm that they would get money one way or the other – including the option of auctioning off celebrity files on a dark web auction site that is known for auction personal data of important figures.
Today, they issued their third press release:
For press #3 (Lawyer case)
Interested people contacted us and agreed to buy all the data about the US president, which we have accumulated over the entire time of our activity. We are pleased with the deal and keep our word.
05/25/2020 we are preparing to auction Madonna data. The rules are the same:
1. One-handed information
2. Confidentiality of the transaction
3. We delete our copy of the data
4. The buyer has the right to do whatever he sees fit with the data received.Starting price – 1 million dollars.
So will Madonna try to buy her own files to hopefully keep them out of the public’s eye? Will someone obsessed with her try to buy them? Will everyone just shrug?
Stay tuned, I guess, on that. But does anyone believe that anyone really bought data on Trump from REvil? I can see parties being interested in it as opposition research if there was really anything in the law firm’s files that would be useful, but if Trump wasn’t a client, then how much dirt was the law firm actually likely to possess? We may never know the answer to this one.