{"id":14476,"date":"2020-05-18T01:38:25","date_gmt":"2020-05-17T23:38:25","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14476"},"modified":"2020-05-18T01:38:25","modified_gmt":"2020-05-17T23:38:25","slug":"revil-ransomware-hacker-verffentlichen-erste-trump-files","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/05\/18\/revil-ransomware-hacker-verffentlichen-erste-trump-files\/","title":{"rendered":"REvil Ransomware hackers release first Trump files"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/05\/18\/revil-ransomware-hacker-verffentlichen-erste-trump-files\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The REvil\/Sodinokibi gang has seized files from the US law firm Grubman Shire Meiselas &amp; Sacks and demanded a ransom. Since the law firm is not paying, the first e-mail about US President Donald Trump has now been published. <\/p>\n<h2>What is the Grubman Shire Meiselas &amp; Sacks case?<\/h2>\n<p>Grubman Shire Meiselas &amp; Sacks is an American law firm that primarily represents celebrities. The REvil\/Sodinokibi gang succeeded in infiltrating the firm's IT systems. Not only were files encrypted, but 750 GBytes of data were also exfiltrated. I learned about this from the following tweet. Kaspersky has published <a href=\"https:\/\/threatpost.com\/revil-ransomware-attack-celeb-law-firm\/155676\/\" target=\"_blank\" rel=\"noopener noreferrer\">an article<\/a> about it. 
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Cybercriminals used the REvil ransomware to attack a law firm used by the likes of Lady Gaga, Drake and Madonna. Now, they're threatening to leak the 756 gigabytes of stolen data \u21d2 <a href=\"https:\/\/t.co\/4yOLaD32vs\">https:\/\/t.co\/4yOLaD32vs<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\">@threatpost<\/a> <a href=\"https:\/\/t.co\/WohbGQ3thP\">pic.twitter.com\/WohbGQ3thP<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/1260476951984308224?ref_src=twsrc%5Etfw\">May 13, 2020<\/a><\/p><\/blockquote>\n<p>The case is making waves publicly. The REvil\/Sodinokibi gang is now demanding a ransom and threatening to publish the data if the law firm does not pay. The leverage is probably sensitive data (contracts, non-disclosure agreements, telephone numbers, e-mail addresses and correspondence) belonging to the law firm's prominent clients. Originally, a ransom of 21 million US dollars was probably under discussion. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Russian-speaking <a href=\"https:\/\/twitter.com\/hashtag\/REvil?src=hash&amp;ref_src=twsrc%5Etfw\">#REvil<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\">#ransomware<\/a> gang compromised Grubman, Shire, Meiselas, and Sacks law firm, threatening to release blackmail data on President Trump unless a $42M ransom is paid within 24hrs. In the last day the $ doubled. 
The actual dark web post from REvil's main admin <a href=\"https:\/\/t.co\/xJilU1toYk\">pic.twitter.com\/xJilU1toYk<\/a><\/p>\n<p>\u2014 Gemini Advisory (@geminiadvisory) <a href=\"https:\/\/twitter.com\/geminiadvisory\/status\/1261313196029337600?ref_src=twsrc%5Etfw\">May 15, 2020<\/a><\/p><\/blockquote>\n<p>In the meantime, however, the Russian-speaking blackmailers have increased their demand to 42 million US dollars and are threatening to publish files with compromising information about US President Donald Trump. The following tweet refers to an English-language report on this.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">A cybercriminal gang that hacked a major entertainment law firm claims it will release information on President Trump if it doesn't receive $42M in ransom. <a href=\"https:\/\/t.co\/0Trc4Hy884\">https:\/\/t.co\/0Trc4Hy884<\/a><\/p>\n<p>\u2014 NBC Politics (@NBCPolitics) <a href=\"https:\/\/twitter.com\/NBCPolitics\/status\/1261427412660817934?ref_src=twsrc%5Etfw\">May 15, 2020<\/a><\/p><\/blockquote>\n<p>It is unclear what is behind the threat to publish Trump's \"dirty laundry\" files, because Trump was never a client of the law firm. From the tweet below I gather that the first 169 'Dirty Laundry' emails about Donald Trump have now been released to the public. 
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Hackers Publish First 169 Trump 'Dirty Laundry' Emails After Being Branded Cyber-Terrorists <a href=\"https:\/\/t.co\/V1GM5Sowid\">https:\/\/t.co\/V1GM5Sowid<\/a><\/p>\n<p>\u2014 Aryeh Goretsky (@goretsky) <a href=\"https:\/\/twitter.com\/goretsky\/status\/1262064923728736257?ref_src=twsrc%5Etfw\">May 17, 2020<\/a><\/p><\/blockquote>\n<p>Forbes has compiled the details. Currently, there seems to be little of interest in the 169 files. Trump is mentioned, but Forbes writes: 'It seems that the blackmailers searched the data mountain for the word Trump and then published 169 files'.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The REvil\/Sodinokibi gang has seized files from the US law firm Grubman Shire Meiselas &amp; Sacks and demanded a ransom. Since the law firm is not paying, the first e-mail about US President Donald Trump has now been 
published.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-14476","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14476"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14476\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}