The celebrity law firm being extorted by a ransomware group has denied claims by the group that it has ever worked with President Donald Trump.
The attack on Grubman Shire Meiselas & Sacks, first reported May 12, started making headlines through the week after REvil, the Eastern European hacking group behind the ransomware attack, claimed it had damaging information on the president and wanted a payment of $42 million not to release the stolen data.
REvil started releasing copies of that data on Thursday, including shots of what it claimed is a tour contract for Madonna, among other items. Subsequently, the group released a tranche of internal emails from the law firm that mention Trump but don’t appear to involve anything salacious. The Daily Mail reported today that the mentions mostly center on rights discussions and approvals for videos featuring the president.
The hackers are still insisting that they have damaging material that they will release if their payment demand is not met. “Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever,” the hackers wrote.
The law firm is working with law enforcement agencies and will not pay the ransom.
“Ransomware is effective and devastating because it allows hackers to sell information back to the people who value it most — the victims,” Jonathan Knudsen, senior security strategist at electronic design automation firm Synopsys Inc., told SiliconANGLE. “As with other ransom situations, it is also impossible to know if paying the ransom will make your problem go away. Even if you regain access to your own information, your attacker might still have a copy of the information and be able to resell it to other interested parties.”
Knudsen added that like the celebrities whose information is now in jeopardy, we all interact with organizations every day that might result in a situation like this. “It is impossible to evaluate the security posture of every business where you have sensitive information and for the most part, we must rely on a system of trust,” he said.
Alan LeFort, vice president of consumer strategy at security software provider McAfee LLC, noted that REvil, also known as Sodinokibi, offers ransomware as a service.
“With the RaaS model, one group of developers maintains the code, while a separate entity of affiliates is responsible for spreading the malware,” LeFort said. “This system operates similarly to a company’s sales division, as employees specialize in their respective strengths and everyone takes a cut of the profits.”
The law firm is caught between a hacking rock and a client base hard place, noted Colin Bastable, chief executive officer at security awareness training company Lucy Security AG.
“For every other law firm, ensure that all partners and staff are mandated to undergo training,” Bastable said. “We know that some partners and senior lawyers, like other high-powered professionals, dislike being required to undergo security awareness training.”