New York-based law firm fell victim to a cyber attack. That wasn’t only unfortunate for the firm alone, but for the countless celebrity clients, they represent. Their client list comprises many A-level celebrities.
All these people fell victim to hackers.
The hacker group that carried out the attack remained unnamed. It got dubbed REvil because that’s the ransomware used by the group.
The cybercriminals targeted the law firm’s internal data systems. They managed to get away with 756 gigabytes of data, which they deemed was worth $21 million in ransom. When the law firm stated they had no intention of paying a dime in ransom, the criminals released a statement that they’re doubling their ransom request to the staggering $42 million.
After the firm refused to comply with the ransom demand, the hackers released an astonishing 2.4 gigabyte batch of data. It included private files and all sorts of sensitive information: contracts, non-disclosure agreements, promotional agreements, and expense sheets, among others.
The data dump wasn’t the only bombshell the cybercriminals dropped. They claimed to have an ace up their sleeve. They had private documents belonging to the American President. The law firm was quick to deny having any business dealings with the President. They only claimed that his name only got mentioned in some of their documents connected to their other clients.
Due to the hack’s success and the massive breach of privacy, the FBI got involved. They advised against paying the ransom as, in most such cases, payment doesn’t do much besides cost the victim money.
If you’re a victim of cybercriminals, you’re in a lose-lose situation. If you refuse to pay them, they can release the information they stole if that’s what they wish, and the victims get left to deal with the consequences. To pay the ransom they demand means you’re accepting their promise to destroy the data they stole.
Can you trust the word of hackers? No, you can’t. However, it is essential to know that if the criminals do not hold their word, no one will pay the ransom to have this final option. Unfortunately, paying the ransom usually motivates more and more criminal groups to execute such operations.
This hack wasn’t their first attempt to score big. The attackers carried an attack on a foreign currency dealer as well. However, the ransom demand they went with paled compared to the $42, or even $21, million they demanded from the law firm. In this case, they asked for $6 million under threat to delete customer data. After a few weeks of having their services kept offline, the dealer caved and coughed up $2.3 million as payment.
Especially with COVID-19, more and more law and financial companies can become a target to attackers. It is essential to understand that blind fate into your cloud provider is only part of the equation. Every organization must take care of its defenses and upgrade them as much as it can. Only doing this can make attackers’ life harder.