New York-based law firm Grubman Shire Meiselas & Sacks confirmed to Variety on May 11 that its internal systems had been compromised in a ransomware attack. The confidential information stolen by the hackers amounts to 756 gigabytes and includes contracts, nondisclosure agreements, phone numbers, email addresses, and private correspondence.
In attacks of this kind, the hackers encrypt the victim's systems and also exfiltrate data, then demand a ransom while threatening to publish the stolen files. According to Page Six, sources say the hackers are demanding $21 million; the law firm, however, is not negotiating with them.
Brett Callow, threat analyst at anti-malware software company Emsisoft, told NME that the amount was "not beyond the range of possibilities".
"It would be the second largest [ransom] ever – as far as we know, at least. In these cases, it is also possible that the criminals may attempt to extort money directly from those whose information has been exposed."
Callow also agrees with the law firm's stance on negotiating, describing it as a no-win situation. "Companies in this situation do not have good options available to them," he said.
"Even if they pay the ransom, there is no guarantee that the criminals will destroy the stolen data, especially if it has a high market value. The data can still be sold or traded."
The data theft was carried out by the hacker group REvil, also known as Sodinokibi. The first news of the breach appeared last weekend on dark web forums, when the group posted an excerpt from a contract between Madonna and Live Nation for her 2019-2020 Madame X tour as proof.
According to Callow, there are two likely scenarios. One: the firm's backups were encrypted or deleted by the group. Two: the hackers were unable to encrypt or delete the backups.
“In the first scenario, the business has two problems,” said Callow.
"Decrypting its own data, and deciding what to do about the stolen data. The only way to decrypt it is to pay the criminals for a key. If they don't pay, the data is gone forever.
"In the second [scenario], the only question is what to do about the stolen data. In either case, if the firm decides to pay, it will simply receive a pinky promise that the stolen data will be deleted – and, since that pinky promise comes from criminals, it's not something you can count on. This is especially true if the data obtained has a high market value and could easily be monetized a second time."
On the other side of the table, Callow believes REvil/Sodinokibi is now deciding what information to release next.
“They’re probably not going to want to post anything too sensitive at the start, as it may reduce the company’s incentive to pay,” he said.
"The timeline REvil sets may depend in part on whether they actually obtained as much data as they claim. If they have not, they will want to push hard for a quick settlement before the firm realizes they are bluffing.
"The intention of the criminals in these cases is simply to make money, not to publish the data. If they end up publishing all the data, it means they have lost. They simply post it as a warning to their next victim."