A known criminal enterprise released a large set of stolen files, at least some of which appeared legitimate.
A cybercriminal gang that hacked a major entertainment law firm claims it will release information on President Donald Trump if it doesn’t receive $42 million in ransom.
The group, a known criminal enterprise, didn’t offer any proof it had information compromising to Trump. It did, however, release a large set of stolen files from the law firm, Grubman Shire Meiselas & Sacks. NBC News reviewed some of the documents, and they appear legitimate.
The law firm said that Trump is not a client and has never been. A spokesperson for the firm said it wasn’t clear which of its clients have been compromised.
The group uses ransomware — a type of malicious software — to break into a victim’s networks and encrypt them, demanding a fee to unlock them. If the victim doesn’t pay up, the group slowly leaks out unencrypted versions of files stolen from those networks to prompt payment.
The criminal group posted on its blog a threat to publish files related to Trump.
“The next person we’ll be publishing is Donald Trump. There’s an election race going on, and we found a ton of dirty laundry on time,” the group wrote, giving a one-week deadline. “And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president.”
Though the gang tends to release legitimately hacked files, it left no clue as to whether it actually had compromising information on Trump or whether this was a ploy to put more pressure on the law firm to pay.
“On the one hand, I think it’s bulls—,” said Brett Callow, who studies ransomware gangs at the antivirus company Emsisoft. “But on the other hand, getting a rep for bluffing isn’t helpful to extortionists. They need their victims to believe that their threats are real and will be carried through.”
Grubman, Shire, Meiselas & Sacks said in a statement Friday that law firms have not been immune to escalating attacks by foreign cybercriminals. “Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom,” it said. “We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.”