Cyber-criminals hoping to profit from the theft of Bruce Springsteen’s legal documents were left disappointed when an online auction of the data attracted no buyers.
Other high-profile entertainers believed to have been impacted by the incident included Lady Gaga, Madonna, Jessica Simpson, Nicki Minaj, Priyanka Chopra, Mariah Carey, Outkast, and Mary J. Blige.
Sensitive information stolen in the incident included contracts, telephone numbers, email addresses, personal correspondence, and non-disclosure agreements.
Responsibility for the attack was claimed by the criminal gang behind REvil ransomware (also known as Sodinokobi), who demanded, but failed to get, a ransom to return the files.
Following the attack in May, the gang threatened to auction off data relating to Grubman Shire Meiselas & Sacks client Madonna, demanding a starting bid of $1m for the information. However, the gang reneged on their threat.
Yesterday, the gang staged an auction on its Dark Web “Happy Blog” of “All Bruce Springsteen legal documents from Grubman office” in which interested buyers were invited to start with a more modest opening bid of $600,000. A blitz price option of $1,500,000 was also offered.
When no bidders came forward, the gang published the message “No one paid for this lot in time. So the data is published.” However, the gang did not share a link to where the allegedly published stolen data could be found, suggesting that the auction may have been nothing more than a bluff.
In another feint, played out earlier this year, the gang claimed to have stolen “a ton of dirty laundry” on US president Donald Trump in the ransomware attack on Grubman.
The gang is yet to provide any evidence of data that is damaging to Trump, who was never a client of the media and entertainment law firm.
The FBI has advised victims not to pay any ransom demands, as doing so doesn’t guarantee the return and security of the encrypted files and encourages further attacks.