As reported by Variety, major media and entertainment law firm Grubman Shire Meiselas & Sacks said that after its internal data systems were hacked — and a vast trove of information on its clients was stolen — it has informed its roster of A-list clients of the breach. “We can confirm that we’ve been victimized by a cyberattack,” the New York-based firm said in a statement to Variety. “We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”
News of the hack surfaced last week, after a hacker group claimed it infiltrated the Grubman Shire Meiselas & Sacks network and stole a whopping 756 gigabytes of documents on multiple music and entertainment figures. Those include clients past and present, among them: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC, the hackers claimed.
If you don’t patch people as part of an integrated cybersecurity strategy, you get to make statements like “We are grateful to our clients for their overwhelming support and for recognizing that nobody is safe from cyberterrorism today.” That client support will turn to overwhelming lawfare if the celebrities feel pain. If people need a lesson on how hackers fuse psychology, marketing and ”impending event” sales closing, this is a perfect case study in the black art of hackstortion. Doubling down and leveraging Donald Trump’s brand value is perfect. No downside for the hackers, no upside for the victims and all grist for the media mill, because someone fell for a phishing email.
If state-of-the-art security technology worked, we would not be suffering from these relentless attacks. A holistic approach to cybersecurity mandates that people are treated as part of the security ecosystem – they can either be weak links in the chain of security or they can be positive reinforcements in the defenses. But they must be tested and trained as an ongoing security process.
This is a classic case study in why hackers are always at an advantage – they leverage human behavior, psychology, marketing and sales techniques as well as current affairs, to create an environment that is conducive to their goals. There is little risk, if any, to them. For the victims, it is lose-lose.
The law firm is caught between a hacking rock and a client base hard place. For every other law firm, ensure that all partners and staff are mandated to undergo training. We know that some partners and senior lawyers (like other high-powered professionals) dislike being required to undergo security awareness training – they are super-smart people and may get angry if they are “caught out” by simulated phishing attacks and forced to sit on the naughty step.
Paying ransom does not guarantee that the attackers will not do anything with the data. As a matter of fact, the worst has already happened; the company’s reputation has been impacted. Paying and dealing with the threat actors might therefore be the absolute last resort. Depending on the scale, investigating the matter, informing customers in full and making sure it does not ever happen again, so starting from scratch, might be the best way forward here.
REvil/Sodinokibi is a strain of ransomware; the threat actor group itself is called ‘GOLD SOUTHFIELD’:
The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group.
Ransomware is effective and devastating because it allows hackers to sell information back to the people who value it most—the victims. As with other ransom situations, it is also impossible to know if paying the ransom will make your problem go away. Even if you regain access to your own information, your attacker might still have a copy of the information and be able to resell it to other interested parties.
Personal information is valuable by itself, but personal information about celebrities is even more valuable. The attackers in this case have, unfortunately, perpetrated a crime with deep impact.
Like the celebrities whose information is now in jeopardy, we all interact with organisations every day that might result in a situation like this. It is impossible to evaluate the security posture of every business where you have sensitive information, and for the most part, we must rely on a system of trust. Businesses can reduce the risk of a catastrophic breach by taking a proactive, security-first stance and following industry best practices in designing and implementing their technology solutions.
The overwhelming tendency is to focus on the ransomware itself in these types of cases, but ransomware doesn’t magically appear on a system. Organizations that are concerned about ransomware should assess how well they’ve deployed basic controls like vulnerability management, secure configurations and email protections. The first line of defense against ransomware is to prevent it from getting inside in the first place.
Ransomware makes headlines, in part, because it’s always detected. It has to be, in order to get the ransom paid. Keep in mind that if self-announcing ransomware can get in, so can much more stealthy attackers.
Human beings are the single biggest asset cyber criminals have in extorting money, and specifically in the case of the breach of the Grubman law firm. This breach appears to be a surgical strike against Grubman, knowing they represent many of the biggest celebrities in the world. The million dollar question is how much personal information the hackers have obtained and how real are their threats? This is no laughing matter. And what are the ransom demands of the hackers? If the hackers have obtained personal information of these celebrities, will they give Grubman the encryption keys and return stolen files if the ransom demands are met? Unfortunately, there are no longer any guarantees for companies that decide to pay a ransom because there is less and less honesty amongst these cyber criminals. Paying a ransom no longer guarantees a return of proprietary information.
The longer-term issue for Grubman, other law firms and any organisation is what approach they are taking to secure private information. Today, it’s no longer a matter of if, but when a breach will occur. Every company has been hacked, most many times over, and it comes down to how quickly a company identifies malicious activity and stops it. In the case of Grubman and their large list of A-list celebrities, most if not all of them are sweating out the current situation and hoping the damage will be minimal.