In a blog post Thursday on the dark web viewed by Variety, the hacker collective that is holding thousands of the law firm’s documents hostage — allegedly including private info on Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, and Mariah Carey — said they were increasing their demands for payment to $42 million. That’s double their initial $21 million ask. The group is threatening to publicly release more data if they’re not paid within a week.
On Thursday, the hackers behind the attack shared 2.4 gigabytes of documents relating to Lady Gaga, including contracts and nondisclosure agreements.
Trump will be the next subject of a data dump, the unidentified ransomware attackers claimed. “The next person we’ll be publishing is Donald Trump,” the blog post said. “There’s an election race going on, and we found a ton of dirty laundry on time.” The hackers added, “And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. Well, let’s leave out the details. The deadline is one week.”
Variety has reached out to the White House and Grubman Shire Meiselas & Sacks for comment.
It isn’t clear what info the hackers might have on Trump or how it pertains to Grubman Shire Meiselas & Sacks, which is not known to have represented Donald Trump in any legal matter.
So far, according to the hackers’ post, they have received payment of $365,000 in connection with the documents stolen from the New York-based law firm. The group complained that they didn’t get the sum they first demanded, “So, the ransom is now $42,000,000. They have that’s [sic] the kind of money. And even more.”
Grubman Shire Meiselas & Sacks this week confirmed its computer systems were hacked, an incident that allegedly resulted in the theft of 756 gigabytes of private documents and correspondence.
“We have notified our clients and our staff [of the cyberattack],” firm said in a previous statement to Variety. “We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.” The law firm is working with the FBI and said it is not negotiating with the hackers or planning to pay a ransom, adding, “We are grateful to our clients for their overwhelming support and for recognizing that nobody is safe from cyberterrorism today.”
News of the hack surfaced last week. The attack on the law firm — whose client list spans music artists, actors and TV personalities, sports stars, and media and entertainment companies — was carried out by a group called “REvil,” also known as “Sodinokibi,” according to New Zealand-based cybersecurity firm Emsisoft.
The REvil group has previously staged ransomware attacks on entities including Travelex, the U.K.-based currency-exchange company, which paid $2.3 million in bitcoin to hackers, the Wall Street Journal reported.
According to Emsisoft, a previous data dump by REvil included a letter from Donald Trump, stolen in an attack on management consulting company Brooks International — but that correspondence, dated Feb. 8, 2018, was simply an invitation sent to the firm’s CEO, Luigi Damasceno, to a fundraiser at Trump’s Mar-a-Lago compound.