DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Multi-millions: Sodinokibi attackers demand $42 million of celebrity law firm, threaten to publish dirt they claim to have on President Trump

Posted on May 14, 2020 by Dissent

I honestly cannot think of a more ironic name for a blog than the Sodinokibi (REvil) ransomware operators calling their website “Happy Blog.”

Reading their updates today, they certainly didn’t seem happy, especially with Coveware, a firm that has assisted numerous ransomware victims. The firm’s services include helping negotiate ransom amounts and payment.

But something seems to have gone wrong from REvil’s perspective. For reasons that are not clear from the communications they published, after reaching an agreement with Sherwood Food & Harvest Distributors, something must have fallen apart, and the threat actors blame Coveware for that. Later in the day, they added more to their site about the situation:

We worked closely with coveware on many data recovery cases. But something went wrong yesterday. A case with Sherwood Food & Harvest Distributors was agreed for $7,500,000
At the very last moment, when we had already agreed on everything and were waiting for payment, coveware wrote that the client refused. We do not know how true this is, but the result in such cases is always the same:
1. The initial price of the contract is currently not valid and will be increased by the timer x2, as expected;
2. The data will be published every week in parts. It is inevitable and systematic. Up to the payment of the ransom up to a cent.

They then dumped some data as the first part of sticking to their plan.

The Sherwood negotiations weren’t the only negotiations Coveware was involved in this week with this group. They were also representing the media law firm that represents Lady GaGa, Elton John, Facebook, and other celebrities and huge entities. REvil writes:

Next. The hottest news, which we associate with GRUBMAN SHIRE MEISELAS & SACKS. Our demand was only 21.000.000$. The work was also done with the above mentioned coveware. After 10 days, we asked how much money had been collected from the amount. The answer was 365k. Of course, we realized that people are not determined to solve the problem. Correspondingly, our tactics the same:

  1. The initial price of the contract is currently not valid and will be increased by the timer x2, as expected;
  2. The data will be published every week in parts. It is inevitable and systematic. Up to the payment of the ransom up to a cent.

As proof of their intention, they dumped data alleged to be from Lady GaGa’s files.

And consistent with their policies, they have doubled the ransom demand to $42 million.

“Grubman,” they wrote, “we will destroy your company to the ground if we don’t see the money. Read the story of Travelex, it’s very instructive. You repeating their scenario one to one.”

But something else they wrote before that is sure to garner even more attention. They appear to be attempting to extort the President of the United States.

The next person we’ll be publishing is Donald Trump. There’s an election race going on, and we found a ton of dirty laundry on time. Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. Well, let’s leave out the details. The deadline is one week.

There is a bit more to their press release, but they include this:

War to victory, only this way.

We’re staying tuned. DataBreaches.net has no idea what kind of claims they will be making about the President and whether they will be true or false. I have no doubt that many will declare them fake news, but either way, this certainly seems like election interference in the making.

Update: This post was edited post-publication to clarify the order the order of statements in REvil’s press release. Their statements about Trump were before their warning to Grubman that they would destroy their firm and the “poke a sharp stick at the guys” appeared to be in reference to Trump urging Grubman to pay their demands.

Related posts:

  • REvil responds to Grubman Shire law firm: “We will get the money”
  • SCOOP: UnitingCare paid hundreds of thousands of dollars to REvil for decryption key and deletion of files
  • Still think you can negotiate with REvil and get your files back? Read this first.
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
Category: Business SectorGovernment SectorMalwareOf NoteU.S.

Post navigation

← Wright County notifies residents of 2019 email hack; COVID-19 response somewhat delayed notification
Hackers preparing to launch ransomware attacks against hospitals arrested in Romania →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.