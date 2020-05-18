On Thursday, the hackers have released confidential information about the singer Lady Gaga. Faced with the refusal of the firm to pay the ransom of 42 million dollars, the hackers claim to be able to take on the president of the United States.

Their blackmail four-star looks to the table of contents of people magazine, from Madonna to Lady Gaga up to Donald Trump. Thursday, may 14, hackers have threatened the president of the United States to disclose confidential documents to his subject if he did not intervene with a firm of attorneys in new york to convince them to pay the ransom they ask them to do. The company, the victim of a cyber attack at the beginning of the month of may, still refuses to pay the amount demanded by the pirates, which have put their hands on a quantity of documents relating to american and european artists.

Result : the pirates have doubled the amount of the ransom, which increased from 21 to 42 million dollars, and were embedded Donald Trump in this case of blackmail in the stars.

Who are the victims of this piracy ?

The cyber attack targeted the firm, Grubman Shire Meiselas & Sacks (GSMS). Installed in New York, the latter working with big names in music and entertainment, as well as companies, such as Madonna, Facebook, Mariah Carrey, U2, Barbra Streisand, Elton John, Nicki Minaj, Run-DMC, Bruce Springsteen, or the issuance of HBO “Last Week Tonight”. As well, their servers contain a lot of confidential documents relating to these clients, such as contracts, non-disclosure agreements or simply documents referring to the personal details of these celebrities.

To trap the company, the hackers managed to install a software ransom or rançongiciel (ransomware, in English) on a computer of the company : this software encrypts the data found there, and request the computer’s owner money in exchange for the key that will decrypt it. This rançongiciel, named REvil (or Sodinokibi), is well-known to experts : depending on the site Vice, it emerged for the first time in April. At the time, the Wall Street Journal echoed the attack of Travelex, a foreign exchange based in the United Kingdom : it has paid, in bitcoins (a cyber cash), the equivalent of $ 2.3 million.



Gold, pto obtain these sums, the pirates can, as here, threaten to make available the said documents. After having stated, on Thursday, 7 may, through a message published on their site (available on the darkweb), they accorded a week to GSMS to raise $ 21 million, they upped the pressure, Thursday, may 14, in publishing, always on the darkweb, “2.4 Gb containing legal documents of Lady Gaga, the majority of which were contracts for concerts, merchandising and tv appearances”, reports the site ZDNet. Finding that GSMS do not comply, the pirates have doubled the amount of the ransom, to $ 42 million : a price that “exceeds all records”, reports to the site Cyber warfare, hosted by Numerama, for which the data collected in this cabinet of stars “could resell at a very good price on forums of hackers.”

Who are the pirates ?

“Twelve different groups are engaged today to this double practice of extortion where the ransom is requested at once to decrypt the files and to not disclose the stolen files”, written ZDNet. How do I know who is behind this attack ? According to Vice, the authors of the rançongiciel have made the promotion from the month of August on a forum of Russian hackers. At the time, the authors were invited by various groups of hackers to take it over, specifying only that it “it was forbidden to use this computer code against targets in Russia”, implying that the pirates could find themselves in the country.

Also, Vice indicates that a study of the code of the rançongiciel has led to the recognition of the similarities between REvil and GrandCrab, another software developed by a group of hackers operating from Russia.

That will make GSMS and Donald Trump ?

The law firm in new york has ruled out the possibility of access at the request of the pirates. “Experts and the FBI told us that negotiating or paying a ransom to terrorists is a serious violation of federal laws. Even when huge sums are paid, criminals often leave the leak data”argued GSMS.

In response, the hackers have promised that they “destroy the company” if they were not paid, before you threaten the president of the United States : “There was a presidential race underway, and we have found a ton of dirty laundry to time. Mr. Trump, if you want to be president, give a blow of the stick to the guy, otherwise you may forget this ambition for always”have warned the hackers.

Immediately, the american press has reported that Donald Trump had never been a client of the firm hacked, suggesting that it is a bluff attempt on the part of hackers. In response, on Saturday, may 16, “the cybercriminals have published a first wave of 169 e-mails supposed to prove that they have information on the former businessmancontinues Cyber war. But these files, consulted by the journalists of Variety and Business Insider, do no more than mention by far the activity of the president”continues the site, specialized, “and do not contain any information compromising.” The suspense could not be very long : the ultimatum of hackers ends Thursday, may 21.