New York A-List law firm faces $42 million ransom demand from cyber criminals

14 May 2020 , 6:38pm

A leading entertainment and media law firm is facing a demand for $42 million ransom demand after cyber criminals hacked into its systems. 

Celebrity law firm Grubman Shire Meiselas & Sacks was attacked by a group of cyber criminals threatening to leak A-list stars' personal information after hacking into the firm's website.  The hackers released what is alleged to be a contract for Madonna, information on Lady Gaga and claims they have information on President Donald Trump (who is not a client at the firm). They upped their ransom demand from $21million to $42 million and warned more will follow unless the ransom is paid.

Grubman Shire Meiselas & Sacks said: "We can confirm that we've been victimised by a cyber-attack. We have notified our clients and our staff. We have hired the world's experts who specialise in this area, and we are working around the clock to address these matters."

The law firm represents some of the biggest name personalities in TV, film and sport including Lady Gaga, Madonna, Elton John, Rod Stewart, U2, Robert De Niro  and Barry Manilow as well as media and online giants such as Sony, Spotify, Vice, and EMI. Mariah Carey, Jessica Simpson and a Gagosian-Jagger project are listed by the criminals as part of the hack.

In a statement to Variety, the firm said “Law firms are not immune from this malicious activity. Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom. We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.”

The hackers, who are known as REvil or Sodinokibi, previously attacked foreign exchange company Travelex with ransomware in January.

Law firms vulnerable to cybersecurity attacks

In a comment in the Global Legal Post, Martin Sutherland, CEO of cybersecurity experts Reliance ASCN and an early pioneer in cyber technology, says law firms are particularly vulnerable to cybersecurity attacks. "Professional service companies represent 18% of organisations targeted by attackers using ransomware - software used to encrypt files until a ransom is paid. In this increasingly hostile digital age, law firms are sitting ducks and it is hard not to have sympathy for GSMS – like many boutique law firms cyber security is not an area of core business and so it’s hard to attract and retain the necessary skills and expertise in house to defend against ever more sophisticated cyber-attacks." 

He advises law firms to be on alert and "Expect the unexpected: the only scenarios we can test are those that we can anticipate, so be prepared for the unexpected. Have a trusted partner on standby to help with incident response if needed. Do the work ahead of time to ensure you have the agreements in place so that time isn’t wasted when the crisis hits. Also consider cyber insurance as the last line of defence against the unexpected."