A law firm used by A-list stars including Rod Stewart, Lil Nas X and Robert De Niro has been hacked.
The website for Grubman Shire Meiselas & Sacks is down and hackers claim to have 756 gigabytes of data including contracts and personal emails.
A screenshot allegedly of a Madonna contract has been released, and the criminals are demanding payment.
The New York law firm says it has notified its clients and is working with cyber-security experts.
It’s not known what sum the hackers are demanding and whether the law firm is negotiating with them.
The law firm said in a press statement: “We can confirm that we’ve been victimised by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”
The company’s website is displaying just a logo but historic records of the site show a client list of more than 200 high profile people and companies.
Musicians include Sir Elton John, Barbra Streisand, Barry Manilow, Rod Stewart, Lady Gaga, Lil Nas X, The Weeknd, Madonna, U2 and Drake.
Other clients named are Andrew Lloyd Webber, Priyanka Chopra, Robert De Niro, Sofia Vergara, Activision, Inc, Sony Corp, LeBron James and Mike Tyson.
The hackers known as REvil or Sodinokibi previously attacked foreign exchange company Travelex with ransomware in January.
Ransomware is one of the biggest problems in cyber-security and is a malicious type of software that encrypts data until a ransom is paid, usually in untraceable crypto-currency Bitcoin.
Cyber-security company Emsisoft says the hackers have posted images online of a contract for Madonna’s World Tour 2019-20 complete with signatures from an employee and concert company Live Nation.
Hackers have also uploaded an image they claim shows the stolen data directory with folders named under certain clients. Posting a sample of stolen data is often done as a way to prove a hack has happened and put pressure on a victim to pay a ransom.
“Companies in this position have no good options available to them,” Brett Callow, threat analyst at Emsisoft said. “Non-payment of the demand will result in the information being published; payment will simply get them a pinky promise from criminals that the stolen data will be deleted.
“These incidents are becoming increasingly commonplace and increasingly concerning. And incidents involving law firms are even more concerning due to the sensitivity of the data they hold.”
The law firm and some of the celebrities have been approached for further comment.