Sodinokibi Operators Hacked Law Firm That Serves Madonna and Lady Gaga

A cybercriminal group distributing Sodinokibi ransomware claims that in one of its operations it is has hacked Grubman Shire Meiselas & Sacks (GSMLaw) las firm and stole gigabytes of documents from a law office.

The company described itself as “universally recognized as one of the premier entertainment and media law firms in the country,” specializes in all areas of entertainment and media.

On its website, the company says that its “ability to advise and service clients in all aspects of their careers and businesses is unparalleled.”

“The main feature of this incident is that there are world-famous people among GSMLaw customers. In particular, according to the list of customers, GSMLaw serves celebrities such as Chris Brown, Madonna, Lady Gaga, Nicki Minaj, Elton John, Timbaland, Robert De Niro, Asher and U2“, – reports Bleeping Computer magazine.

The cybercriminals, which have stolen documents, threatened to publish confidential information if the law firm did not pay the ransom.

Earlier, Sodinokibi operators, for example, carried out a very successful attack on the Texas municipal authorities.

Attackers behind the Sodinokibi ransomware posted a screenshot showing directories containing files stolen from GSMLaw.

Sodinokibi hacked law firm

Also, criminals cited extracts from legal agreements signed by famous people (for example, Cristina Aguilera).

“A fragment from another agreement between a crew member of the Madonna World Tour 2019-2020 and Live Nation Tours company. The document is signed July 17, 2019 and contains the name of the crew member along with their social security number”, – Bleeping Computer reporters say.

Hackers obtained about 756 GB of stolen data, among which can found contracts, phone numbers, email addresses, personal correspondence and social security numbers.

Recall that judging by Sodinokibi’s reputation, the actor is unlikely to make false claims, as in the past malware’s owners have sold data stolen from victims that did not pay the ransom.

Today, cybersecurity experts rightfully recognize Sodinokibi operators as experts in the field of cybersecurity and one of the most dangerous cybercrime groups.

Their leak site currently has over two dozen entries for victims that did not pay the ransom. These companies are now risking data belonging them and their customers to be sold on various underground markets.

Recall that Sodinokibi’s cybercrime colleagues DoppelPaymer operators published in the public domain Boeing, Lockheed Martin, SpaceX and Tesla documents.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button