The REvil ransomware hacking group has targeted Grubman Shire Meiselas & Sacks, a high-profile entertainment law firm that represents celebrities such as Lady Gaga, Madonna, Elton John, Barbara Streisand, Bruce Springsteen, Mariah Carey and Mary J. Blige.

First uncovered by security researchers at Emisoft Ltd., the 756 gigabytes of data stolen from the law firm includes contracts, nondisclosure agreements, phone numbers, email addresses, music rights and personal correspondence.

The details of the hack are somewhat vague, though the law firm itself told Variety Monday that it had “been victimized by a cyberattack.” The REvil group is best known for its attack on foreign exchange provider Travelex in late December 2019. In that case, Travelex was reported to have paid a $2.3 million ransom for a decryption key to restore its network. The same gang was also behind the ransomware attack on data center provider Cyrus One Inc.

“A limited amount of data has been posted on their Tor leak site – screenshots of a couple of contracts as well as the folders to which they claim to have had access,” Brett Callow, threat analyst with Emsisoft, told Threatpost today. “The group claims to have exfiltrated 756GB of data in total which is to be published in installments – unless the firm pays, of course.”

Tim Erlin, vice president of product management and strategy at cybersecurity firm Tripwire Inc., told SiliconANGLE today that companies’ first line of defense against ransomware is to prevent it from getting inside in the first place.

“Ransomware makes headlines, in part, because it’s always detected,” Erlin said. “It has to be, in order to get the ransom paid. Keep in mind that if self-announcing ransomware can get in, so can much more stealthy attackers.”

Jonathan Knudsen, senior security strategist at electronic design automation firm Synopsys Inc., noted that “ransomware is effective and devastating because it allows hackers to sell information back to the people who value it most — the victims.

“As with other ransom situations, it is also impossible to know if paying the ransom will make your problem go away,” he said. “Even if you regain access to your own information, your attacker might still have a copy of the information and be able to resell it to other interested parties.”

“Personal information about celebrities is especially valuable, Knudsen noted.

“Like the celebrities whose information is now in jeopardy, we all interact with organizations every day that might result in a situation like this,” Knudsen said. “It is impossible to evaluate the security posture of every business where you have sensitive information, and for the most part, we must rely on a system of trust. Businesses can reduce the risk of a catastrophic breach by taking a proactive, security-first stance and following industry best practices in designing and implementing their technology solutions.”

Photo: Thomas Wolf/Wikimedia Commons