After leaking a series of emails with not-so-sensitive information, the REvil, aka Sodinokibi hacker group, claims to have clients ready to buy what it calls sensitive data of US President Donald Trump. The hacker group has said on its dark web-based official site that they are also prepping up to auction international celebrity Madonna's data.
The ransomware operator has written in its dark web-based blog: "Interested people contacted us and agreed to buy all the data about the US president ...We are pleased with the deal and keep our word."
"We are preparing to auction Madonna data ... The buyer has the right to do whatever he sees fit with the data." They threatened to auction Madonna's data on May 25 with a starting bid of one million dollars. After someone purchases the dump, the operator says the data will be deleted from their end.
The Ransomware Attack
The REvil hackers had executed a ransomware attack on the US-based celebrity law firm Grubman Shire Meiselas & Sacks (GSMLaw) and compromised tons of sensitive financial and legal data of hotshot celebrities before encrypting the network.
While leaking the first installment of the data as proof, the ransomware operators claimed that they have compromised a total of 756 GB data from the systems of GSMLaw. The group has mentioned that the data dump includes contacts, emails, and non-disclosure agreements of numerous celebrities like Madonna, Elton John, Nicky Minaj, Lizzo, Bruce Springsteen, and Lady Gaga. REvil demanded a ransom of $21m from Grubman Shire Meiselas & Sacks.
Doubled the Ransom
After GSMLaw failed to pay the ransom, the attackers doubled the ransom from $21m to $42m with a one-week deadline. They claimed that they would reveal tons of "dirty dumps" of Trump. "There's an election race going on, and we found a ton of dirty laundry on time. And to you voters, we can let you know that after such a publication, you certainly don't want to see him as president," they wrote.
Trump's 'Dirty Dump' Leaked
Allen Grubman from GSMLaw asserted that they were not really up for paying the ransom. Instead, GSMLaw is cooperating with the FBI and other law enforcement officials to resolve the massive data breach. The firm then issued a statement that experts and the FBI have told them that negotiating about the ransom money could violate federal law. They added that the cybercriminals often leak documents even after receiving the ransom is paid.
Later, REvil released the email dump involving Trump as threatened. But he emails contain faint instances about Trump and contrary to REvil's claim, the dump contains only innocent emails.
REvil launched a ransomware attack on the UK-based foreign currency dealer Travelex last year, demanding a ransom of $6m. Travelex allegedly paid $2.3m after a few weeks to the hacker group to get back its financial data.