Ransomware team demands $42 million from New York law firm, threatens to leak Trump scandal if not paid

The criminal group behind the REvil (Sodinokibi) ransomware is extorting a New York law firm, threatening to release sensitive documents about the company’s celebrity clients unless the company pays a ransom of up to $42 million.

On May 7, 2020, the REvil operator posted a message addressed to GSMS employees on a dark web site, threatening to publish documents about the firm’s customers that the REvil gang had stolen from the law firm’s internal network before encrypting the documents.

GSMS confirmed the incident and the ongoing blackmail attempt in a statement to the entertainment news site Variety on Monday.

The hacker gave the company a week to negotiate and pay the ransom. That deadline expired last night, when the hacker posted a second message on his website.

The REvil operator stated that GSMS was willing to pay $365,000 of the $21 million they requested, so they have now doubled the ransom demand to $42 million.

In addition, as punishment for the company’s failure to pay in time, the REvil gang also released a 2.4 GB file containing Lady Gaga’s legal documents, most of which are contracts for concerts, merchandise sales, and TV appearances.

In addition to doubling the ransom demand, the hacker also made another veiled threat against the New York law firm, threatening to release documents related to US President Donald Trump. We quote the REvil website:

The election is in progress and we found a lot of dirty trading documents on time. Mr. Trump, if you want to remain president, you must be furious with those guys, otherwise you may forget this ambition forever. For your voters, we can let you know that after such a publication, you definitely don’t want to see him become president. Well, we won’t go into details. The deadline is one week.


However, earlier today, the entertainment and gossip news site PageSix cited sources as saying that President Trump was never a GSMS customer. Based on current public information, this seems to be an empty threat, meant to put more pressure on the law firm to pay the ransom demand.
