Hackers released confidential information about singer Lady Gaga on Thursday. Faced with the law firm's refusal to pay the ransom of $42 million, the hackers claim to be able to attack the President of the United States.
Their star-studded blackmail reads like the contents of a celebrity magazine, from Madonna to Lady Gaga to Donald Trump. On Thursday May 14, hackers threatened to reveal confidential documents about the President of the United States unless he intervened with a New York law firm to convince it to pay the ransom they are demanding. The firm, victim of a cyber attack at the beginning of May, still refuses to pay the sum demanded by the hackers, who have got hold of a quantity of documents concerning American and European artists.
As a result, the hackers doubled the ransom from $21 million to $42 million, and drew Donald Trump into this celebrity blackmail affair.
Who are the victims of this hack?
The cyber attack targeted the law firm Grubman Shire Meiselas & Sacks (GSMS). Based in New York, the firm works with big names in music and entertainment, as well as companies, such as Madonna, Facebook, Mariah Carey, U2, Barbra Streisand, Elton John, Nicki Minaj, Run-DMC, Bruce Springsteen or the HBO program “Last Week Tonight”. As a result, its servers hold a host of confidential documents concerning these clients, such as contracts, non-disclosure agreements or simply documents mentioning the personal details of these celebrities.
To trap the firm, the hackers managed to install ransomware on a company computer: this software encrypts the data there and asks the owner of the computer for money in exchange for the key to decrypt it. This ransomware, named REvil (or Sodinokibi), is well known to specialists: according to the Vice website, it emerged for the first time in April. At the time, the Wall Street Journal reported on the attack on Travelex, a foreign exchange company based in the United Kingdom: it paid, in bitcoins (a cryptocurrency), the equivalent of 2.3 million dollars.
To obtain these sums, hackers can, as here, threaten to make the stolen documents available. After indicating, Thursday, May 7, via a message published on their site (accessible on the dark web), that they were giving GSMS a week to raise $21 million, they increased the pressure, Thursday, May 14, by publishing, still on the dark web, “2.4 GB containing legal documents from Lady Gaga, most of which were contracts for concerts, merchandising and television appearances”, reports the ZDNet site. Noting that GSMS was not complying, the hackers doubled the ransom to $42 million: a price that “exceeds all records”, notes the Cyberguerre site, hosted by Numerama, for whom the data collected from this law firm to the stars “could be resold at very good prices on hacker forums.”
Who are the hackers?
“Twelve different groups are today engaged in this double practice of extortion where the ransom is requested both to decrypt the files and not to disclose the stolen files”, writes ZDNet. How do you know who is behind this attack? According to Vice, the authors of the ransomware promoted it as early as August on a forum of Russian hackers. At the time, the authors invited various hacker groups to take it up, specifying only that “it was forbidden to use this computer code against targets in Russia”, implying that the hackers could be in the country.
Vice also indicates that a study of the ransomware code revealed similarities between REvil and GandCrab, another piece of software developed by a group of hackers operating from Russia.
What are GSMS and Donald Trump going to do?
The New York law firm has ruled out the possibility of acceding to the hackers’ request. “Experts and the FBI have warned us that negotiating or paying a ransom to terrorists is a serious violation of federal law. Even when huge amounts are paid, criminals often leak data”, argued GSMS.
In response, the hackers promised to “destroy the business” if they were not paid, before threatening the President of the United States: “There’s an election race going on, and we found a ton of dirty laundry in time. Mr. Trump, if you want to stay president, give the guys a slap, otherwise you risk forgetting that ambition forever”, warned the hackers.
Immediately, the American press reported that Donald Trump had never been a client of the hacked law firm, suggesting an attempt to bluff on the part of the hackers. In response, Saturday May 16, “Cybercriminals released a first wave of 169 emails purporting to prove they have information about the former businessman”, continues Cyberguerre. “But these files, consulted by journalists from Variety and Business Insider, only distantly mention the president’s activity”, continues the specialized site, “and in no case contain compromising information.” The suspense may not last long: the hackers’ ultimatum ends on Thursday 21 May.