Law firm hacked and held to ransom

It has been reported today that hackers have stolen 756 gigabytes of data from New York entertainment law firm, Grubman Shire Meiselas & Sacks. The stolen data included contracts and personal emails belonging to its clients, Lady Gaga, Madonna, Bruce Springsteen, Rod Stewart, and Elton John among others.

As yet it is unknown what sum the hackers are demanding and whether the law firm are negotiating with them.

The law firm said in a press statement: “We can confirm that we’ve been victimised by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”

Ransomware attack

According to reports the hackers are demanding payment and are threatening to publish the data unless they receive the ransom money. A screenshot allegedly showing a Madonna contract has already been released.

Despite being common and desirable targets for hackers, few law firms prioritise investment into their cyber defences.

Ransomware is a type of malicious software designed to block access to a computer system or computer files until a sum of money is paid. In this case, not only are the criminals withholding the data from the law firm, but due to the sensitive nature of the data they can cause further destruction by releasing it into the public eye.

In an update posted by the hackers themselves, REvil posted a message stating that the packs include “full information downloaded from the office, namely – contracts, agreements, NDA, confidential information, court conflicts, internal correspondence with the firm.” And the gang suggested that the documents contained salacious material, hinting that show business is not just about “concerts” but also “big money…social manipulation…mud lurking behind the scenes and sexual scandals, drugs and treachery.”

Security is a major concern for all businesses and creating a secure IT environment should be at the top of any business agenda. TiG are hosting an online Business Security Briefing on 21st May, where we’ll be joined by a member of the Police Cyber Security Team. Find out more on the event page.

Related insights

Nothing found.

Enabling specialist UK businesses to unleash their true potential.

Get in touch