
Sodinokibi Ransomware Attacks Celebrity Law Firm: Report

Cybercriminals have used Sodinokibi (REvil) ransomware to steal celebrity contracts, nondisclosure agreements, phone numbers, email addresses and other sensitive information from media and entertainment law firm Grubman Shire Meiselas & Sacks, according to Variety.

Celebrities who may have been affected by the ransomware attack include:

  • Lady Gaga
  • Madonna
  • Nicki Minaj
  • Bruce Springsteen
  • Mary J. Blige
  • Christina Aguilera
  • Mariah Carey
  • Bette Midler

Hackers posted evidence of the data theft via a forum on the dark web, antivirus and antimalware software company Emsisoft told Variety. They allegedly stole 756GB of data during the attack, but the cyber ransom amount and group responsible for the incident remain unknown.

The law firm has yet to comment on the alleged attack.

Are Sodinokibi Attacks on the Rise?

Cybercriminals have recently used Sodinokibi in several cyberattacks.

Hackers in April 2020 leveraged Sodinokibi to attack the town of Jupiter, Florida. The cyberattack temporarily disabled many of Jupiter's digital services; however, backups enabled the town to forgo paying the cyber ransom.

Furthermore, cybercriminals used Sodinokibi to attack LogicalNet, a hosting provider and MSP in Schenectady, New York, during the 2019 holiday season. The cyberattack also spread to Albany County Airport Authority servers and backup servers.

Sodinokibi runs on Windows systems, cybersecurity software company Malwarebytes stated. The ransomware encrypts important files and requires a ransom payment to decrypt them.

During a Sodinokibi attack, cybercriminals encrypt files on local drives except for those listed in their configuration file, Malwarebytes indicated. After these files are encrypted, cybercriminals provide a ransom note and payment instructions.

Sodinokibi has infected thousands of clients via MSSPs, BlackBerry Cylance noted. Also, the ransomware has exploited vulnerabilities in remote services such as Oracle WebLogic (CVE-2019-2725) and employed mass spam campaigns to proliferate.

How to Combat Sodinokibi Attacks

Some of the best ways to combat Sodinokibi attacks include:

  • Learn about Sodinokibi, how it works and how it can impact an organization's data and systems
  • Teach employees about Sodinokibi and the dangers associated with ransomware attacks
  • Provide cybersecurity awareness training to educate staff about Sodinokibi and other cyber threats

Security services can also help organizations guard against Sodinokibi and other cyberattacks. These services can provide ongoing protection against cyberattacks, as well as help organizations optimize their security posture.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.