Grubman represents several A-list celebrities including Lizzo, Drake, Madonna, Mariah Carey and Bruce Springsteen. On May 11, Variety reported that the firm where he works — Grubman, Shire, Meiselas and Sacks — had been hacked and a $21 million ransom demand had been issued.
The law firm confirmed the hack to Variety in a statement:
We can confirm that we’ve been victimized by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.
The firm’s website no longer shows a client list and instead just has an image of the company logo.
A hidden website “lists dozens of organizations compromised by the crew, includes screenshots of folders, a non-disclosure agreement, Madonna’s 2019-2020 tour arrangements, and Aguilera’s music rights as proof of its cyber-heist,” according to The Register.
Page Six reported that REvil (also called Sodinokibi) hacked into the firm’s server and “stole 756 gigabytes of confidential documents, including contracts and personal emails from a host of Hollywood and music stars.” The hackers made the files inaccessible and are demanding payment to provide the key to access them.
Other stars whose data could be at risk include Lady Gaga, Nicki Minaj, Mary J. Blige, Ella Mai, Christina Aguilera, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC.
According to Page Six, a source close to Grubman said he doesn’t plan on paying the money: “His view is, if he paid, the hackers might release the documents anyway. Plus the FBI has stated this hack is considered an act of international terrorism, and we don’t negotiate with terrorists.”
Since the initial asking price of $21 million, the hackers have doubled the ransom to $42 million and threatened President Donald Trump:
The ransom is now [doubled to] $42,000,000. … The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time. Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. … The deadline is one week.
According to a tweet from cybersecurity reporter Catalin Cimpanu, the documents were just emails:
The only thing they had were emails Trump's team sent to the law firm's clients. That's all.
— Catalin Cimpanu (@campuscodi) May 18, 2020
Callow, however, has said there is evidence the group has some documents, and he told Forbes that the hackers have already released more than two gigabytes of contract documents and other data related to Lady Gaga.
It is the largest cybersecurity ransom demand in history. Page Six reported that the previous record is $25 million.
According to Variety, Facebook is also on the hackers’ list of upcoming targets. The group has successfully targeted companies before, such as Travelex, a currency-exchange company. The Wall Street Journal reported that after Travelex experienced a ransomware attack, it paid REvil $2.3 million in bitcoin.