{
	"id": "6e7df3e7-9b91-4fca-aa5d-35ea41a29120",
	"created_at": "2026-04-06T01:31:33.331124Z",
	"updated_at": "2026-04-10T03:22:09.064397Z",
	"deleted_at": null,
	"sha1_hash": "08f965020b3753dc3e1c34b9fae49d300d11c3e6",
	"title": "REvil ransomware threatens to leak A-list celebrities' legal docs",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2198705,
	"plain_text": "REvil ransomware threatens to leak A-list celebrities' legal docs\r\nBy Ionut Ilascu\r\nPublished: 2020-05-08 · Archived: 2026-04-06 00:19:32 UTC\r\nThe Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from a prominent\r\nentertainment and law firm that counts dozens of international stars as their clients.\r\nGrubman Shire Meiselas \u0026 Sacks (GSMLaw) is based in New York and represents dozens of heavyweight artists. Looking\r\nat its list of clients, you can spot names that are known all over the world: Madonna, Lady Gaga, Elton John, Robert de Niro,\r\nNicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross, and many others.\r\nBig names all over\r\nThe company, self described as “universally recognized as one of the premier entertainment and media law firms in the\r\ncountry,” specializes in all areas of entertainment and media.\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOn its website, the company says that its “ability to advise and service clients in all aspects of their careers and businesses is\r\nunparalleled.”\r\nSodinokibi, also referred to as Sodin or REvil by some publications, allegedly hacked GSMLaw. To support their claim, the\r\nhackers published a screenshot of the folders they have.\r\nThe hackers say that the type of data they have includes contracts, phone numbers, email addresses, personal\r\ncorrespondence, non-disclosure agreements. However, the trove is not limited to these and supposedly is 756GB large.\r\nTo prove beyond dispute that they have the information they claim, Sodin also provides snippets from a legal agreement in\r\n2013 signed by Christina Aguilera and an artist featured in one of her music projects. Aguilera’s name is not present on the\r\nlist of clients, indicating that she no longer retains the firm’s services.\r\nA fragment from another agreement between a crew member of the Madonna World Tour 2019-2020 and Live Nation Tours\r\ncompany.\r\nThe document is signed July 17, 2019 and contains the name of the crew member along with their social security number.\r\nBleepingComputer has contacted partners at Grubman Shire Meiselas \u0026 Sacks for comments and is currently awaiting a\r\nreply.\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/\r\nPage 3 of 4\n\nJudging by Sodinokibi’s past reputation, the actor is unlikely to make empty threats as in the past they have sold data stolen\r\nfrom victims that did not pay the ransom.\r\nTheir leak site currently has over two dozen entries for victims that did not pay the what the hackers asked. These companies\r\nare now risking data belonging them and their customers to be sold on various underground markets.\r\nSodinokibi is among the most profitable ransomware-as-a-business operations. Its affiliates use experts for breaking into\r\nprivate networks and navigating them undetected in search of the most valuable systems.\r\nIn March, they announced a \"forced\" switch from bitcoin to Monero cryptocurrency, to make it harder for law enforcement\r\nto track them.\r\nTheir main objective is to make money and they're at the top of the game.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/"
	],
	"report_names": [
		"revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs"
	],
	"threat_actors": [],
	"ts_created_at": 1775439093,
	"ts_updated_at": 1775791329,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/08f965020b3753dc3e1c34b9fae49d300d11c3e6.pdf",
		"text": "https://archive.orkl.eu/08f965020b3753dc3e1c34b9fae49d300d11c3e6.txt",
		"img": "https://archive.orkl.eu/08f965020b3753dc3e1c34b9fae49d300d11c3e6.jpg"
	}
}