This article is more than 1 year old

Ransomware crims to sell off 'scandalous' files swiped from Mariah Carey, Nicki Minaj, Puff Daddy's legal eagles

$600k starting bid, say public extortionists, or $42m to keep schtum

Ransomware criminals claiming to have siphoned confidential docs on Nicki Minaj, Mariah Carey, and Lebron James from an American law firm are threatening to auction off the info.

The REvil ransomware gang declared it will sell off troves of the paperwork, which it said it exfiltrated from the computer systems of American showbiz lawyer Allen Grubman. Unspecified stolen data about chanteuses Nicki Minaj and Mariah Carey, along with basketball ace Lebron James, will be up for auction on July 1, with a reserve price of $600,000, according to a statement posted to the crew's Tor-hidden blog seen by The Register.

A post advertising the auction was filled with lurid claims that it would reveal “big money and social manipulation, mud lurking behind the scenes and sexual scandals, drugs and treachery,” as well as “bribery by Democratical Party” [sic].

Infosec biz Emsisoft’s Brett Callow told El Reg an apparent delay between the initial hack and the auction announcement may have been an attempt by the gang to build “anticipation” for the sale in the criminal marketplace.

man applies perfume

Posh Spice's perfume people pop up in Maze ransomware gang extortion effort


He said: “The crims likely do have at least some of the information they claim, but it may or may not be as salaciously juicy as they say. The claims and sex and political scandals could be utterly bogus and made only for the purpose of creating a bidding war.

"Let’s face it, you wouldn’t be able to ask for your money back were it to turn out that REvil had misrepresented the goods. Well, you could ask I suppose, but you probably wouldn’t have much luck.”

Should any of the three celebs not want their dealings with their lawyer made public, the gang “generously” offered to sell the whole lot back for $42m, having doubled a previous demand.

“Each lot includes full information downloaded from the office, namely - contracts, agreements, nda, confidential information, court conflicts, internal correspondence with the Firm,” said REvil, sardonically adding: “We are not responsible for the buyer’s actions.”

The auction will be followed by a second tranche on July 3 of files concerning Universal Studios, Puff Daddy’s* music label Bad Boy Records’ holding company, and MTV, it is claimed.

The Register was unable to reach Grubman for comment through his firm, Grubman, Shire, Meiselas & Sacks. Its website consists of a logo only, presumably while the lawyers fix the damage caused by REvil.

REvil is fairly indiscriminate about its targeting, having published the passports of some staff at UK electricity market middleman Elexon to menace that company into paying a ransom or as revenge for not coughing up the demand. Elexon had shrugged off the gang's ransomware infection, rebuilding from backups and seemingly refusing to engage with the criminals. ®


* Puff Daddy was the stage name by which the US rapper Sean Combs was first known in the UK. He has since gone through a variety of monikers, lists of which can be found through your search engine of choice.

More about


Send us news

Other stories you might like