< Back to Searchlight Blog

Hackers claim to have "dirty laundry" on US President Donald Trump alongside many celebrities in law firm breach

Published on 18 May 2020 by Charlie

One of the worlds largest entertainment lawyers who allegedly also worked for President Trump has been the victim of ransomware, with hackers threatening to sell off the acquired data to the highest bidder on the darknet.

A New York law firm, responsible for many big names in the entertainment industry including U2 , Rod Stewart and Madonna, has been hacked. The ransom demand, which was first set at 21 million dollars, was doubled alongside the release of 2.4GB of data relating to one of its clients, Lady Gaga.

This doubling of the ransom was apparently caused by a lack of raised funds and “that people are not determined to solve the problem”, according to the hackers known as “REvil” who posted an update on their darknet site on Thursday(14th). In the update post (available here, the group mentions the next person who they will release the details of if the ransom is not paid in time, this person being President Trump. The group claims to have “found a ton of dirty laundry” on President Trump, who is currently partaking in the election race, and threatens that the data, if released is enough for him to “forget this ambition forever”.

The group then goes on to mention the exchange giant Travelex and the situation they went through at the beginning of the year, shutting down their service for weeks and paying a $2.3 million ransom after allegedly the same group managed to install ransomware on the systems. The data was threatened to begin being released one week after the post(21st), however, after reports in the media that President Trump was never a client of the law firm and that they would not negotiate with the hackers, the group posted a second update.

Titled “For the press #2 and Trump” the post (available here) states that each week, the law firms clients data will be auctioned off to the highest bidder and all their systems will remain encrypted, unless payment is made. Addressing the claims that trump was not a client for the company the post then went on to link several file distribution sites that hosted data allegedly from the hacked law firm. The data is only a few Megabytes in size, however it contains what appears to be emails regarding Mr Trump, coming from the law firm in question.

A new post was added around 19:00 GMT on the 18th May (available here), stating that they had found someone to purchase the Trump data and that the next auction would be Madonna on the 25th, with a starting price of $1 Million. As the hackers claimed to have found a buyer, the links to the leaked trump data were removed from the previous posts.

If the data is real and it has been sold, then it could either resurface online for resale, be kept secret, or used against trump in the election. However, the claimed data could have been fabricated by the hackers as a way to gain attention to the other pieces of data they are auctioning. Only time will tell if the alleged data exists and is as damming as the hackers claim, unless it has been purchased by a party looking to keep this data from public eye.

Try our Darknet Intelligence/Forensics tool for free, contact enquiries@slcyber.io

Latest News from Searchlight

03 Jun 2020

Hacked Daniel's hosting database released.

Daniel's hosting, a widely used provider of free darknet hosting, found itself a target of an attack earlier this year, causing its closure shortly after, with its database just now being publicly released.


26 May 2020

Update on the effects of COVID-19 on the Darknet

With the world in the grip of the COVID-19 Pandemic, many ways of life have and continue to change as countries adapt to what media are calling the “new normal”.


20 May 2020

Europa market allegedly seized

The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.


19 May 2020

9 Million EasyJet customers details accessed in cyber attack.

Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.