- The cybergang behind this week's Lady Gaga data dump have posted a new ransom note and more stolen documents from a hacked law firm on their site on the dark web.
- The hackers on Thursday dumped thousands of Lady Gaga's legal documents, demanding a $42 million ransom from her law firm, which was hacked.
- They said President Donald Trump would be their next target and that his "dirty laundry" could hurt him in this year's election.
- The law firm denied any connection to Trump, and has refused to pay the ransom, according to a statement.
- A sampling of the documents reviewed by Business Insider were legal emails, contracts, and documents mentioning the president
- The hackers say they released "the first part, with the most harmless information," and more data dumps are to come. An expert said it's impossible to know what else they have.
- Visit Business Insider's homepage for more stories.
The unidentified cybergang who dumped Lady Gaga's data after the hack of a prominent entertainment law firm have dumped what they say is data about the president.
The cybergang dropped links to "the first part of data, with the most harmless information," on the dark web site. A sampling of the files reviewed by Business Insider were were legal emails, documents, and contracts mentioning the president, from an "Apprentice" costar's emails seeking to land a new show during his campaign, to the contracts negotiating legal use of his videotaped interviews.
The ransomware gang has stolen data from businesses and leaked it on a dark web site in the past, and a ransomware expert who has followed past data dumps said it's difficult to know what data they have stolen - but said the crime adds to a wave of highly public ransomware extortion attacks.
"They may have nothing significant and could simply be attempting to apply additional pressure," said Brett Callow, a threat researcher at Emsisoft, a cybersecurity company that specializes in ransomware. "The actions of ransomware groups are becoming ever more insidious and ever more extreme. They now weaponize data and use it against the companies from which it was stolen."
This week, the cybergang hacked into top entertainment law firm Grubman Shire Meiselas & Sacks, and leaked thousands of contracts and other documents from Lady Gaga.
The hackers have threatened to release more data about celebrities, including Bruce Springsteen, Christina Aguilera, and dozens of others if the law firm doesn't pay $42 million in ransom.
The law firm, Grubman Shire Meiselas & Sacks, said that President Donald Trump is not a client, that they are not paying the ransom, and that they are working with the FBI to solve the crime, according to a statement published by the celebrity news site Page Six.
The gang, REvil, executes ransomware attacks on businesses in which it encrypts their data, demands a ransom to release it, otherwise leaking it if they fail to do so.
As they dumped data they claimed are about Trump, the group said, "Mr. Lawyer says that Donald has never been their client. And he says that we are bluffing. Oh well. The first part, with the most harmless information, we will post here."
"This is their business, we have fun watching with popcorn."
Here is the full ransom note post:
We read the position of the authorities. Declare this an act of terrorism. Your position is your choice. This will not affect our work in any way. It's just that it can completely erase certain frames that we still observed. But now is not about that.
Mr. Lawyer says that Donald has never been their client. And he says that we are bluffing. Oh well. The first part, with the most harmless information, we will post here. We are very pleased that the stars support (according to media reports) Mr. Lawyer
But how strong will their support be when the paparazzi start publishing in the media? When will they begin to refuse to participate in certain events, concerts? Withdraw signed contracts, cancel their performances?
Mr. lawyer, you will be to blame. And you will pay all losses from your pocket. Moreover, as correctly noted, your reputation has already suffered. But everyone believes that this is the worst we could do. Oh no. Far from the worst. Both we and you are aware of this. We will receive money in 2 ways:
1. You and I find a common language (you can even [sic] through intermediaries in other countries, since local idiots who themselves have something behind their backs prevent you from doing this). Then, everyone will see that you value the reputation and safety of customers. We give our word that after our agreements the data will not be published, used somewhere, or sold. This is our word. Our reputation is very well known and dear to us. We always keep our words. Then we get money, you return your reputation, data, strengthen your security and continue to live.
2. You continue to listen to smart guys who, of course, will not compensate you for losses. Our actions will be as follows:
1) We will auction customer data every week (by last name) on the information exchange.
This data will be bought either by the stars themselves, or various media and blackmail them then, or simply kind people with good intentions. We do not care. The main thing is we will get the money.
Accordingly, after this, people will begin to have problems. And, oh yes, they will know who to blame for this. And who put their safety and reputation in exchange for money.
2) Your data will remain unavailable. Let's be honest. Even these idiots cannot decipher elliptic cryptography. Although you can continue to believe them. You incur losses daily, and they are actively investigating this crime, although they themselves understand that they will fall into the wall. Moreover, they are looking for performers, not organizers. This is their business, we have fun watching with popcorn.
That's all I wanted to say. As you can see, both options benefit us. And we will get it. The only question is how strong losses [sic] you will incur. And those who trusted you.