Hacker Group REvil Says It Sold Stolen Data On Trump, Warns Madonna, Other Celebrities Are Next

REvil, revil, revil hack, revil hackers, revil hacker group, madonna hacked, lady gaga hacked, Sodinokibi

Getty/Getty Trump (left) and Madonna (right).

A hacker group named REvil is demanding $42 million in ransom in exchange for the destruction of files it stole from entertainment lawyer Allen Grubman, Page Six reported.

Grubman represents several A-list celebrities including Lizzo, Drake, Madonna, Mariah Carey and Bruce Springsteen. On May 11, Variety reported that the firm where he works —Grubman, Shire, Meiselas and Sacks — had been hacked and a $21 million ransom demand had been issued.

Brett Callow, a threat analyst from the security company Emisoft, told The Register that the data was likely stolen using malware.

The law firm confirmed the hack to Variety in a statement:

We can confirm that we’ve been victimized by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.

The firm’s website no longer shows a client list and instead just has an image of the company logo.

A hidden website “lists dozens of organizations compromised by the crew, includes screenshots of folders, a non-disclosure agreement, Madonna’s 2019-2020 tour arrangements, and Aguilera’s music rights as proof of its cyber-heist,” according to The Register.

Page Six reported that REvil (also called Sodinokibi) hacked into the firm’s server and “stole 756 gigabytes of confidential documents, including contracts and personal emails from a host of Hollywood and music stars.” The hackers made the files inaccessible and are demanding payment to provide the key to access them.

Other stars whose data could be at risk include Lady Gaga, Nicki Minaj, Mary J. Blige, Ella Mai, Christina Aguilera, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC.

According to Page Six, a source close to Grubman said he doesn’t plan on paying the money: “His view is, if he paid, the hackers might release the documents anyway. Plus the FBI has stated this hack is considered an act of international terrorism, and we don’t negotiate with terrorists.”

Since the initial asking price of $21 million, the hackers doubled the ransom to $42 million and threatened President Donald Trump:

The ransom is now [doubled to] $42,000,000. … The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time. Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. … The deadline is one week.

The firm said it never represented Trump, according to The Hill. However, Business Insider reported that the hackers said they have already sold Trump’s data and will sell Madonna’s next.

According to a tweet from cybersecurity reporter Catalin Cimpanu, the documents were just emails:

Callow, however, has said there is evidence the group has some documents and he told Forbes that the hackers have already released more than two gigabytes of contract documents and other data related to Lady Gaga.

It is the largest cybersecurity ransom demand in history. Page Six reported that the previous record is $25 million.

According to Variety, Facebook is also on the hacker’s list of upcoming targets. The group has successfully targeted companies before, such as Travelex, a currency-exchange company. The Wall Street Journal reported that after Travelex experienced a ransomware attack, it paid REvil $2.3 million in bitcoin.

READ NEXT: Giannis Antetokounmpo’s Twitter Hacked With Racist & Hateful Messages