A $42-million ransom demand for hacked files that purportedly threaten to incriminate President Trump is hanging over a New York law firm representing some of the top acts in the entertainment business.
A criminal group that uses ransomware called REvil stole 756 gigabytes of data from the systems of Grubman Shire Meiselas & Sachs and has threatened to release damaging documents involving the president if the ransom is not paid, a representative for the law firm said.
The hackers have claimed that the data include contracts, emails and nondisclosure agreements involving a number of prominent music and entertainment figures.
Trump is not a current or former client of the firm, which mostly represents well-known recording artists such as Elton John, Madonna, Lizzo, Bruce Springsteen and Lady Gaga.
Earlier this month, the hackers posted snippets of contracts related to some of the firm's clients, including Madonna, as evidence that they have access to the files.
“The next person we'll be publishing is Donald Trump," the group said last week on its blog, according to reports. "There's an election race going on, and we found a ton of dirty laundry on time. And to you voters, we can let you know that after such a publication, you certainly don't want to see him as president.”
The firm, led by longtime entertainment lawyer Allen Grubman, said it is cooperating with law enforcement officials, including the FBI, to resolve the data breach. The firm said it has no intention of meeting the ransom demand.
"We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law," a representative for the firm said in a statement. "Even when enormous ransoms have been paid, the criminals often leak the documents anyway."
Grubman's firm has not commented on the contents of the hacked documents and communications but has not disputed their validity, said a person close to the investigation who was not authorized to comment.
The hackers initially demanded $21 million when they first revealed the data breach. They upped that amount to $42 million and shared 169 emails from the law firm’s accounts, according to a message posted on the so-called dark web on Thursday.
None contained any “dirty laundry” on Trump, according to press outlets that have viewed the emails. The ones that mentioned the president were related to other clients and dealt with such matters as rights clearances for video before he was elected.
It's the highest-profile hack involving the entertainment industry since North Korea breached the computer systems of Sony Pictures Entertainment. The 2014 cyberattack, triggered by Sony's release of "The Interview," wiped out data from Sony servers, exposed the personal information of tens of thousands of people, and unveiled embarrassing emails between the likes of then-studio chief Amy Pascal and producer Scott Rudin.
Law enforcement authorities have cited a rise in cyberattacks since the coronavirus crisis shut down the economy and forced many employees to work from home, where internet connections may not be as secure as in a workplace.
The hackers who targeted Grubman are believed to be based in Eastern Europe. Last year, they used their REvil ransomware to attack London-based foreign currency dealer Travelex and asked for $6 million. The hackers threatened to delete customer data. Travelex reportedly paid $2.3 million of the ransom after the threat kept its services offline for several weeks.