The law firm of Grubman Shire Meiselas & Sacks (GSMLaw.com) lost 756 Gigabytes of client contracts, correspondence and personal data to the Sodinokibi ransomware gang.
The gang published some of the confidential documents and threatened to post them all. The client list reads like a Hollywood Who's Who:
- Lady Gaga
- Mariah Carey
- Bette Midler
- Nicki Minaj
- Run DMC
- Bruce Springsteen
- Jessica Simpson
In addition to a sample of the client documents, the gang published a screenshot of the stolen folders.
Typically criminals steal legal documents after a law firm user clicks on a link in a deceptive phishing email. The email may appear to be from a vendor or even from an attorney within the law firm. Once the link is clicked, the computer becomes infected and "phones home," giving the crooks access to the user's computer.
If the law firm does not have state-of-the-art data loss prevention measures in place, there is no limit to the amount of data they can lose.
It is not known how much blackmail money was demanded. Other victims of the same gang have faced a demands from six figures on up to $2.5 million (Texas municipalities).
For more information, see:
Sodinokibi gang hacked law firm of the celebrities...
Wells H. Anderson - 952-922-1120 - moc.mrifymeruces@ofni