Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

REvil Ransomware Has Buyer for Trump Data, Now Auctioning Madonna’s Data

May 21, 2020

This story continues to fascinate me. Bleeping Computer reported May 18th that the REvil ransomware group claims to have buyers ready for documents containing damaging information about President Donald Trump and that it is getting ready to auction data on Madonna.

The hackers breached the network of Grubman Shire Meiselas & Sacks (GSMLaw), a law firm representing many celebrities, stealing everything of value before encrypting the data.

After unsuccessful negotiations with the law firm, REvil published an archive "with the most harmless information" on Donald Trump, a collection of more than 160 emails.

They said there would be an auction every week with customer data and they don't care who buys it as long as they get paid. Certainly they are candid.

The hackers said that they have been contacted by individuals looking to "buy all the data about the US president" and that they are content with the proposal. They also promise to delete their copy of the data, making the buyer the only one who has it. And of course cybercriminals never lie.

There are no hints about who made the offer or what they're planning to do with it.

Bleeping Computer was told by numerous sources who reviewed the leaked data that it was harmless and did not contain anything damaging to President Trump. Possibly, the alleged sale by the ransomware operators is meant to save face after threatening to ruin Trump's reputation but not having any real data that could hurt him.

To continue their threats against GSMLaw, REvil stated that they plan on auctioning files related to Madonna that they stole from the firm. The start price is $1 million.

GSMLaw called REvil "foreign cyberterrorists" then said: "We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law."

Uh, not exactly.

Replying to a request for comments from BleepingComputer, the FBI stated the following: "Unless the FBI determines the Ransomware was deployed by a designated terrorist organization or nation state, the FBI treats Ransomware investigations as criminal matters."

So the forthcoming Hollywood script has more sensational material, but still no ending. Casting will be fun, don't you think?

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson