KEY POINTS

  • Ransomware group REvil will auction stolen data that contained information about Lebron James, Nicki Minaj and Mariah Carey
  • Grubman Shire Meiselas & Sacks law firm, where the data was stolen, refuses to pay the ransom
  • The group will allow a single entity to purchase the entire files for $42 million, payable in the cryptocurrency Monero

Ransomware group REvil is planning to auction data containing sensitive information of celebrities. The group claimed the data, over 1 TB in size, contained documents of celebrities including Lebron James, Nicki Minaj and Mariah Carey.

The ransomware group said the auction will start July 1 with documents from the three celebrities. Starting bid for each is $600,000. After that, the group plans to auction data from Bad Boy Records, MTV and Universal. The bid for Bad Boy records starts at $750,000 and $1 million for the latter two.

The group’s blog post further claimed those who will win the auction will be satisfied for a very long time. “Show business is not concerts and love of fans only — also it is big money and social manipulation, mud lurking behind the scenes and sexual scandals, drugs and treachery,” the blog post concluded in broken English. The data reportedly contained contracts, NDA, confidential information, and internal correspondence with the law firm Grubman Shire Meiselas & Sacks, from where the hackers stole the data.

REvil also addressed the law firm, saying it knows what to do to prevent the auction of data. 

The group wanted payment in return for the files it stole. However, Grubman will not pay, equating negotiation with hackers to the same with terrorists. In a report from Variety, Grubman’s spokesperson said the firm’s client is overwhelmingly supportive of its position to not give in to the hackers’ demands.

In May 2020, REvil announced it successfully hacked Grubman Shire Meiselas & Sacks computers and demanded payment. They released the first batch of files that contained data from the firm’s work with Lady Gaga. The group proceeded to demand ransom for stolen data containing information about President Donald Trump. However, the ransom was not paid. Instead, REvil announced it sold Trump’s data to an interested party. 

According to security website Krebs on Security, the auction tactic could be a sign that REvil is feeling the financial pinch caused by the pandemic. Auctioning the files could be a way to extract more value. In addition, the victims might be enticed to pay after seeing their files actively being auctioned.

REvil said it will allow a single person or entity to purchase the entire contents of the stolen data for $42 million, payable in the cryptocurrency Monero. 

Monero is one of those cryptocurrencies that tout privacy and security as their biggest feature. Monero’s ledger does not record actual addresses of parties to transactions. Cointelegraph said this made the cryptocurrency a favourite among criminals and people not fond of being watched by governments.

Digital threats including misinformation and ransomware could threaten the integrity of the 2020 US election, security researchers say Digital threats including misinformation and ransomware could threaten the integrity of the 2020 US election, security researchers say Photo: AFP / KIRILL KUDRYAVTSEV