Some 756GB of documents have apparently been stolen, which the gang claims to show evidence of sexual harassment by politicians.
Cyber criminals are attempting to hold a dark web auction for legal documents stolen from a law firm which specialises in representing A-list stars.
The law firm Grubman Shire Meiselas & Sacks, which has represented stars including including Robert De Niro, Drake, LeBron James, Nicki Minaj and Mariah Carey, confirmed that it was hacked back in May.
At the time the criminals claimed to have stolen 756GB of legal documentation and threatened to release it in troves in order to extort a ransom payment from the firm.
Following the law firm’s refusal to pay the extortion, the criminals have begun leaking and selling the documents online.
In a new post the gang claims that it had “audited” all of the stolen documents and identified – without providing any evidence – celebrities being bribed by the US Democratic Party, as well as sexual harassment by politicians.
Such comments are almost definitely designed to drive interest in purchasing the documents ahead of the US presidential election later this year.
The gang previously claimed to possess damning documents relating to President Donald Trump which never surfaced and which weren’t supported by the materials it posted to support the claims.
It is now claiming it will auction legal documents relating to Nicki Minaj, Mariah Carey and LeBron James on 1 July, starting at $600,000 each.
Known as Sodinokibi/REvil, the criminal organisation has been known to encrypt its victims’ computers after stealing sensitive documents, before demanding payment in order to make them useful again.
The group is also believed to have targeted UK-based exchange firm Travelex earlier this year, forcing staff to resort to using pen and paper to record transactions.
Brett Callow, a cyber security researcher who specialises in tracking these gangs, said REvil “probably do have at least some of the data they claim to have”.
“It seems very unlikely that, after penetrating Grubman’s network, they would have only taken data related to a single celebrity.
“However, whether the information is as inflammatory as they suggest is another matter. The claims about sex and political scandals could well be false and simply made with the intention of creating a bidding war.”
Back in May, Grubman released a statement saying: “We can confirm that we’ve been victimised by a cyber attack. We have notified our clients and our staff.
“We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”
As is increasingly common among cyber criminals, Sodinokibi/REvil maintains a website which lists numerous victims of its attacks who have not paid the ransom, and whose documents the group is leaking.
Lady Gaga, Bette Midler, Bruce Springsteen and Outkast are also among the clients which the hackers are claiming they now possess legal documents for.
Grubman Shire Meiselas & Sacks described itself as “universally recognised as one of the premier entertainment and media law firms in the country” on its website before the site was taken down.