REvil Ransomware Operators Targets Grubman Shire Meiselas & Sacks, an American Based Premier Entertainment and Media Law Firm

The REvil ransomware operators add another breach to their list. In this instance, they struck Grubman Shire Meiselas & Sacks and downloaded their sensitive and highly confidential documents from the company’s database.

Grubman Shire Meiselas & Sacks is universally recognized as one of the premier entertainment and media law firms in the country, representing the most prominent companies, talent, and executives.  As a transactional law firm specializing in all areas of entertainment and media – including music, film, television, live theatre, books and magazines, fashion, and sports – our ability to advise and service clients in all aspects of their careers and businesses is unparalleled. The firm’s success is built upon our extensive knowledge of the industry, strong relationships with key players, excellent lawyering, and legendary deal-making.

As per now, the ransomware operators have posted a sample of files and data of the company being downloaded by them. As per the Cyble Research Team, this small data leak from the large lot seems to be a warning for the company to accept the terms of the ransomware operators. Unfortunately, if the terms are not being accepted by the Grubman Shire & Meiselas & Sacks, then the REvil ransomware operators seem to leak a large lot of sensitive data of the company. Below is the snapshot of the message and the list of files being posted by REvil ransomware operators. The ransomware operators have posted a list of files highly sensitive and confidential files and data of the company. Cyble’s researches have examined this data leak which includes corporate operational data and legal documents such as Detailed information of their customers and clients, legal client contracts, many Non-Disclosure Agreements, and many more.

Below is the snapshot of the message and the list of files being posted by REvil ransomware operators.

A screenshot of a social media post

Description automatically generated

A snapshot of warning message being posted by ransomware operators

A screenshot of a cell phone

Description automatically generated

Snapshot of list of sensitive files of the Company

A picture containing screenshot

Description automatically generated

The legal confidential contract of the company’s client

A screenshot of a cell phone

Description automatically generated

Snapshot of Confidential Agreement of the Company

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web, and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.

Recent Blogs


Cyble analyzes BATLoader – A sophisticated loader being utilized by Threat Actors to deliver several malware families.

Read More »

Cyble Research & Intelligence Labs analyzes new strategies deployed by Qakbot to infect users via Microsoft OneNote.

Read More »
Scroll to Top