Entertainment and media law firm Grubman Shire Meiselas & Sacks was proud of its celebrity clients, but apparently didn’t do enough to secure confidential files or protect its network because ransomware data thieves are dumping those files onto the dark web and taunting the law firm, claiming to have 756 gigabytes of client files and records.
The hacker group is demanding a ransom of $42 million USD, and threatening to release personal details of celebrities such as Elton John. Barbara Streisand, and Madonna after already leaking private files regarding singer Lady Gaga.
The law firm so far has said that it will not pay any ransom, which would be itself a violation of federal law.
“Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom. We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation,” said the firm in a statement to Rolling Stone Magazine.
“Security is not a one-time investment but a continuous investment embedded in the core of the organization,” says Praveen Sengar, CEO of international cybersecurity consulting & training firm Etek. “Organizations need to evaluate threat vectors based on their business model as attack vectors are directly proportional to user access, clients and stakeholders. It is extremely important to invest in proactive threat management where ethical hackers simulate attacks and constantly address the vulnerability apart from driving user awareness.”