In a data breach at celebrity law firm Grubman Shire Meiselas & Sacks, Hackers claim to have stolen celebrity information. In the alleged law firm hack, the attackers claim to have access to 756 gigabytes of data, including contracts, nondisclosure agreements, phone numbers and email addresses and “personal correspondence” of the law firm’s clients. Those clients include Madonna, Lady Gaga, Drake, Priyanka Chopra, Robert DeNiro and many more.
The ransomware attacked on the law firm was perpetrated by the well-known hacking group REvil, also known as Sodinokibi, which has previously targeted Travelex, Brooks International and other large organizations. While most ransomware attacks do not result in payment, Travelex, a U.K.-based currency-exchange company, actually paid $2.3 million in bitcoin to the hackers after its network was infected with viruses, according to a Wall Street Report.
Grubman Shire Meiselas & Sacks is currently working with authorities and cybersecurity experts to remedy the breach. They have also notified clients affected by the data breach. In a statement, the law firm said “We can confirm that we’ve been victimized by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”
It is not known what ransom payment REvil is asking for as far, but the group has threatened to leak the sensitive information if the law firm does not meet its demands. Grubman Shire Meiselas & Sacks has not stated if they are negotiating with the hackers or not.
Lessons to be Learned
While ransomware attacks are becoming more commonplace, they must be taken seriously and looked at to see what can be learned from each cyber-attack or threat.
According to experts, law firms are becoming highly sought-after targets of ransomware attacks because of the confidential nature and high value of the information they have access to. Additionally, because they have this information for a wide variety of clients, it makes them much more attractive to hackers. In a law firm hack such as this, hackers can breach one law firm or agency instead of attacking celebrities individually.
To protect against a ransomware or other type of cyber-attack, companies should know their risks. Any company or organization with valuable information is a potential victim. Therefore, all companies should understand and be aware of their vulnerabilities. Utilizing a third-party cybersecurity firm to run a penetration test would be a good place to start.
A penetration test from a cybersecurity firm, like SubRosa Cyber Solutions, will help your organization find the vulnerabilities in your current cybersecurity protocols and help you determine how to best fix those access points. Reach out SubRosa today!