Date: 2020-05-20

The group behind the hacking of the law firm GSMLaw, which represents celebrities, is conducting blackmail over the stolen information. It put documents relating to Donald Trump up for auction, and now it is the turn of the singer Madonna. It is further proof that ransomware as a business is growing in power.

Traditionally, ransomware encrypts a company's files and promises their release in exchange for a ransom. For the past few months, another form of blackmail has been taking shape, following the hacking in early May of the law firm Grubman Shire Meiselas & Sacks (GSMLaw), which represents several celebrities, such as Lady Gaga, Madonna, Mariah Carey, Nicki Minaj, Bruce Springsteen, U2 and the duo Outkast. Behind this attack is the group responsible for the REvIL/Sodinokibi ransomware, and before encrypting the data, it collected it in order to blackmail the firm with the threat of publication.

Sensing a winning formula, the gang demanded a ransom of 21 million dollars, raised to 42 million dollars after GSMLaw offered 365,000 dollars. To show its capacity to do harm, the cybercriminal group threatened to publish files on Donald Trump. One small problem: the tenant of the White House was never among the law firm's clients. Nevertheless, these so-called revelations (160 emails were published as an appetizer and proved to be harmless) were put up for bidding, and the REvIL group announced that it had found buyers.

Ransomware as a business expands

The group is not stopping there and has decided to hold auctions each week on the celebrities. The next target is Madonna, with a starting price of one million dollars. The group promises the winner of the auction that it will delete the files and guarantee exclusivity of the data. At the beginning of the case, the gang had published a file of 2.4 Gb related to Lady Gaga containing contracts, marketing, merchandising, touring, …

By extorting the firm twice, once to decrypt the data and once not to publish it, the people behind REvIL/Sodinokibi are committed to the strategy of ransomware as a business. More and more groups are playing this double game of exfiltrating the data before encrypting it, to inflict a double punishment on the victim. But the auction of the stolen data is another risk for the companies involved, and a way for the cybercriminals to make an attack a little more profitable.