A large New York law firm handling media and entertainment clients has reportedly been hit by hackers, who stole an extensive quantity of private information.

The data breach, reported by US media company Variety, occurred at the firm Grubman Shire Meiselas & Sacks, which handles the legal affairs of dozens of international celebrities. The data allegedly taken by the hackers was calculated to be 756 gigabytes in size and comprised a wealth of sensitive information and confidential documents.

A prelude to extortion demands

A captured image of a post made by the cybercriminals responsible indicated that the trove of stolen material contained email addresses, phone numbers and personal correspondence, as well as legal documentation such as nondisclosure agreements and contracts. The misappropriated data purportedly contained information on a lengthy list of individuals working in the entertainment and music industries, including Madonna, Bruce Springsteen, Christina Aguilera, Priyanka Chopra, Lady Gaga, Mariah Carey and Run DMC.

Among the documents unveiled by the cybercriminal group was part of a contract between the artist Madonna and Live Nation for her album ‘Madame X’.

These posts are often released on forums or social media and are typically used as warnings to companies that cybercriminals have attacked with ransomware. By showing evidence of the stolen information, hackers attempt to bully companies into paying to prevent their private information from being released publicly, either in the press or on dedicated sites set up by the threat actors.

While the law firm – which also represents actors like Robert De Niro and international companies like Spotify, Facebook and EMI – remained unavailable for comment, its website effectively went offline following the reported attack, displaying only the company logo.

A history of ransomware attacks

While the total ransom amount requested by the cybercriminals is unknown and the authenticity of the stolen data has not been verified, the hackers have been identified as a group known as “REvil”, which sometimes uses another alias, “Sodinokibi.” Evidence of the stolen data was posted on a dark web forum, where users can hide their identities using encryption to conduct secret and illegal transactions.

The ransomware assault on Grubman Shire Meiselas & Sacks is not the first of its kind to be attempted by REvil. Previous intended victims around the world have included Brooks International and Travelex, among other organisations. Last month, the Wall Street Journal reported that the UK-based currency exchange enterprise Travelex paid out almost £2m to hackers in bitcoin after a successful attack infected the company’s network with computer viruses.

Ransomware targets are not always large firms. Recent studies by cybersecurity experts have shown that since the COVID-19 outbreak, the total number of successful attacks using ransomware has decreased, but smaller organisations have been increasingly targeted.

Hackers are aware that, unlike large-scale enterprises, smaller firms lack adequate security and dedicated IT data protection officers, making their defences easier to infiltrate. Many small healthcare facilities have faced ransomware attacks in recent months, with cybercriminals using staff’s urgent need to access patient data as leverage for payment.