According to REvil hackers, aka Sodinokibi, the email contains “harmless information” on Trump enough to prove that the group has data on him.
When ransomware attacks occur, the basic premise behind them is that the attackers will demand a sum of money in exchange for either decrypting the victim’s data or not leaking it. However, not every time does the victim pay and that is where things can go down south.
One case to exemplify this is that of a New York-based media and entertainment law firm named Grubman Shire Meiselas & Sacks which became the victim of the REvil ransomware group leaking 756GB worth of data on the 9th of May, earlier this month.
As it was recently covered on Hackread.com, we went over how their clients included high profile personalities, the likes of Robert DeNiro, Lady Gaga, and Madonna. Although at the time, no amount had been disclosed, later we found out that the attackers demanded $21 million.
This, Grubman refused to pay on the pretext that the actions of the attackers were tantamount to terrorism and there really was no guarantee that they would not leak the data anyways even after the payment.
The result was not pleasant. As we reported on the 15th of May, the hackers stepped up their money demands by twice to $42 million while also claiming that they had access to alleged confidential data relating to the US President Donald Trump.
According to the REvil ransomware group, the data has the potential of affecting Trump’s presidential campaign for the upcoming elections and so the purpose of such a revelation was to make Trump force the law firm to pay up.
Yet just recently, the attackers have released an email that shows alleged proof for the fact that they indeed do have access to the material regarding Trump as they claim to do so.
It is worth noting that the email was shared with Hackread.com by breach monitoring firm UndertheBreach
Alongside the above email, a letter has also been released directed at the law firm. It reiterates the notion that the attackers are not bluffing following up with a couple of severe implications that Grubman’s current attitude may have for them and their clients. These stated threats include the following if the payment is not made:
1. The data of the firm’s clients will be auctioned off every week on an information exchange available for anyone to buy. This obviously poses the danger of a random stranger buying it and then leaking it for free.
2. The firm will not be able to get back its data as the attackers control the decryption keys.
At the end of the notice, as shown above, is a fraction of some confidential data directed towards President Trump.
To conclude, Hackread.com will continue following this story closely to give an updated account to our readers. For the time being, we believe that it may be in Grubman has some thinking to do.
Nevertheless, the incident also goes out as a lesson to enterprises out there who should not be content with their security practices and should hire cybersecurity experts to pentest their networks ensuring the safety of data.