Criminal group that hacked law firm threatens to release Trump documents

A known criminal enterprise released a large set of stolen files, at least some of which appeared legitimate.
By Kevin Collier and Diana Dasrath

A cybercriminal gang that hacked a major entertainment law firm claims it will release information on President Donald Trump if it doesn’t receive $42 million in ransom.

The group, a known criminal enterprise, didn’t offer any proof it had information compromising to Trump. It did, however, release a large set of stolen files from the law firm, Grubman Shire Meiselas & Sacks. NBC News reviewed some of the documents, and they appear legitimate.

The law firm said that Trump is not a client and has never been. A spokesperson for the firm said it wasn't clear which of its clients have been compromised.

The group uses ransomware — a type of malicious software — to break into a victim’s networks and encrypt them, demanding a fee to unlock them. If the victim doesn’t pay up, the group slowly leaks out unencrypted versions of files stolen from those networks to prompt payment.

The criminal group posted on its blog a threat to publish files related to Trump.

“The next person we'll be publishing is Donald Trump. There's an election race going on, and we found a ton of dirty laundry on time,” the group wrote, giving a one-week deadline. “And to you voters, we can let you know that after such a publication, you certainly don't want to see him as president.”

Though the gang tends to release legitimately hacked files, they left no clue of whether they actually had compromising information on Trump or whether this was a ploy to put more pressure on the law firm to pay.

“On the one hand, I think it’s bulls---,” said Brett Callow, who studies ransomware gangs at the antivirus company Emsisoft. “But on the other hand, getting a rep for bluffing isn’t helpful to extortionists. They need their victims to believe that their threats are real and will be carried through.”

Grubman, Shire, Meiselas & Sacks said in a statement Friday that law firms have not been immune to escalating attacks by foreign cybercriminals. “Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom,” it said. “We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.”

The White House declined to comment.

Ransomware gangs have become a persistent threat to the U.S. in recent years, and law enforcement has had difficulty stopping them. In many cases, these groups operate out of Russia, which doesn’t extradite its citizens.

“We’re pretty sure these guys operate in Russia’s ‘locus of control,’” said Allan Liska, who tracks the gang for the cybersecurity firm Recorded Future.

But threatening to release files about Trump, who enjoys a cordial relationship with Russian President Vladimir Putin, might be a step too far, Liska said.

“If they release this stuff, it is possible they will have both U.S. Cyber Command and FSB targeting them,” Liska said, referring to Russia's Federal Security Service. “Most Russian leadership leaves them alone as long as they don’t target Russian citizens. This would probably be an exception.”
