
Creators of REvil (Sodinokibi) claim to have sold Donald Trump’s data

Earlier this week, we talked about how the hacker group behind the REvil (Sodinokibi) ransomware hacked Grubman Shire Meiselas & Sacks (GSMS), a law firm in New York, USA. Now the Sodinokibi operators claim to have sold data on Donald Trump.

The firm's clients include dozens of world stars: the GSMS customer list contains such names as Madonna, Lady Gaga, Elton John, Robert De Niro, Nicki Minaj, U2 and so on.

As has often happened recently, the hackers not only encrypted the affected company's data, but also stole a lot of files related to the GSMS star clients.

“The total amount of stolen information was 756 GB, including contracts, phone numbers, email addresses, personal correspondence, non-disclosure agreements and much more”, – claims the group.

After the hack, the group gave the affected company a week to pay the ransom. When this period expired, a new message appeared on the intruders' site. The REvil operators said that during negotiations with GSMS representatives they were offered a payment of $365,000, while the hackers demanded $21,000,000 for the stolen data. Since the ransom was not paid at the appointed time, the hackers decided to double it, so now the amount should be no less than 42 million dollars.

The REvil operators' main bargaining chip is the data about Trump, which is why they demanded such a fabulous sum from the injured law firm. The attackers threatened GSMS that they would publish some incriminating evidence on US President Donald Trump. To begin with, the hackers published more than 160 letters in which Donald Trump was mentioned in one way or another (there was nothing compromising or secret in these messages at all; Trump's name was basically just mentioned in passing).

“If the ransom is not paid, then every week GSMS customer data will be sold on the darknet (in alphabetical order). We don’t care who ultimately buys this information – the stars themselves, the media or the blackmailers – the main thing is that we can make money on it”, – said the hackers.

Now the group has unexpectedly announced that certain people are interested in “buying all the data about the US president” that the hackers have accumulated during their activity. The REvil operators write that the deal has already taken place and that they were satisfied. The attackers also note that they keep their word: this information has now been deleted, and only the unnamed buyer has a single copy of it.

As a result, information security experts agree that the hackers did not have any incriminating evidence about the US president. The attackers simply tried to put pressure on the GSMS leadership, and the alleged deal is just a way to save face.

In a new message, the creators of REvil write that they now plan to put up for sale GSMS files associated with Madonna. The starting price is $1,000,000.

It seems that the group's threats are now being taken a little less seriously. That may be reckless, as their fellow criminals from DoppelPaymer recently published Boeing, Lockheed Martin, SpaceX and Tesla documents in the public domain.

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
