After the FBI classified ransomware threats to publish stolen data relating to President Trump as terrorism, the REvil cybercrime gang has pushed back by publishing the first batch of emails.
On May 15, I reported that the notorious ransomware hackers known as REvil or Sodinokibi had claimed to have “dirty laundry” on President Trump following the successful theft of data from a New York law firm. Having already published legal documents connected to Lady Gaga on the dark web as proof of their intent, the gang threatened to publish Trump’s dirty laundry if the biggest cyber-ransom ever, $42 million (£34.6 million), wasn’t paid.
“The next person we’ll be publishing is Donald Trump,” the gang stated, “There’s an election race going on, and we found a ton of dirty laundry on time. Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever.”
I updated that report on May 16, with news that a statement by the Grubman, Shire, Meiselas and Sacks law firm suggested the FBI had classed this as an act of terrorism. As such, the statement read, “negotiating with or paying a ransom to terrorists is a violation of federal criminal law.”
That would appear to have got the REvil cybercrime gang angry enough to push back and publish the “first part, with the most harmless information” of that Trump data.
Ransomware gang push back after being branded as terrorists
My updated report yesterday quoted Brett Callow, an analyst at Emsisoft with expertise in dark web criminal activity, who told me that “as far as I know, no ransomware attack has ever been classed as a terrorist act.” Callow went on to say that the cybercriminals had shot themselves in the foot as the FBI order not to negotiate or pay a ransom meant they would “probably publish the rest of the data or auction it.”
And that’s what has now happened. In a long and rambling rant, in broken English, and forwarded to me by Callow, the REvil operators pushed back yesterday afternoon. Seemingly triggered by the terrorism classification, they wrote:
“We read the position of the authorities. Declare this an act of terrorism. Your position is your choice. This will not affect our work in any way. It’s just that it can completely erase certain frames that we still observed. But now is not about that. Mr. Lawyer says that Donald has never been their client. And he says that we are bluffing. Oh well. The first part, with the most harmless information, we will post here.”
How dirty is the Trump laundry washed in public so far?
At the end of the new ransom note, there were links to three dark web downloads and a password to access them. “Oh yes, Donald. Here is the first part of data,” the criminals said.
Those download links led to a total of 169 emails that all mention Trump in one way or another. True to their word, these were indeed harmless. It looks like they have just searched for any mention of “trump” and lumped those emails together in a file that is about as far from dirty laundry as you can get. Many of them use trump as a verb and those that do mention President Trump only do so in passing.
This is less smoking gun and more damp squib
This isn’t to say that the hackers don’t have data that is harmful to President Trump, but there is absolutely nothing here to suggest that they do. However, there is more to this story than just the Trump washing.
In that new ransom note rant, the criminals say that they will “auction customer data every week,” in last name order on a dark web trading site. “This data will be bought either by the stars themselves, or various media and blackmail them then, or simply kind people with good intentions. We do not care. The main thing is we will get the money,” the criminals said.
In that note, the group appears to taunt the FBI and its ability to “decipher elliptic cryptography,” referring to them as idiots. Meanwhile, the REvil gang says it will “have fun watching with popcorn.”
In a far more sinister tone, though, the ransom note ends with the following warning seemingly to President Trump himself: “I would hurry up. In the place of your competitor, I would buy all the data and put it right at the start of the election. That would be fun. But you can get ahead of him.”