REvil: Nevermind about releasing that Trump info - a buyer paid for it

Just a few days ago a story surfaced about a hacking group, REvil, who decided to double the ransom being demanded from the New York law firm Grubman Shire Meiselas & Sacks in exchange for the 756 gigabytes of documents allegedly stolen. At that time, in order to jack up the ransom demand, the group claimed it would release damning information on President Trump if the ransom of $42M wasn’t delivered.

At the time I questioned if the group even had any dirt on the president because reports were that Trump wasn’t a client of the targeted attorney, Allen Grubman. Trump was reported to have never been a client of Grubman or the law firm so it was extremely unlikely that there would have been any files on Trump to be stolen by the hackers. And, frankly, even if there were files, what could there possibly be left at this point to expose about Trump? It all felt like an “Ah, ha! Now we’ve got him!” moment that was bogus from the get-go.

Turns out, REvel was bluffing about the release of harmful information on Trump. The information wasn’t much more than the word ‘Trump’ appearing in emails of other clients. Someone took the bait, though, according to REvel and paid for the data about Trump.

Then on Monday, REvil revealed the Trump documents were off the market, stating, “Interested people contacted us and agreed to buy all the data about the US president … We are pleased with the deal and keep our word.” They added, “We are preparing to auction Madonna data … The buyer has the right to do whatever he sees fit with the data.”

It is not known what was in the alleged Trump trove, but sources who viewed a sample on the hackers’ site said it related to snarky mentions of Trump in emails from Grubman’s clientele.

Brett Callow, from cybersecurity firm Emsisoft, told Page Six, “What information REvil had on Trump we may likely never know. But they were almost certainly bluffing about it being ‘presidency-ending material.’ But let’s assume this is being treated as a terrorist matter, perhaps because of Trump, so the law firm was prevented from paying the ransom or negotiating.

From what is being reported, the hackers were leveraging Trump’s name but the only real appearance of his name in the hacking story was from his name appearing in emails of others. There wasn’t anything there but references to him.

The “most harmless” emails released on the dark web, all 169 of them, contained absolutely nothing that could be considered as dirt on Trump. For all intents and purposes, that data dump looked like someone had just searched an archive for “trump” and put everything returned into a file. Including trump being used as a verb and messages referring to Trump in the third-person. The considered opinion of most all the security intelligence experts I have spoken to is that REvil had nothing of any consequence on Trump and was, in fact, bluffing as leverage to get a ransom paid.

So, no “dirty laundry” about President Trump. What seems to have triggered the hackers’ change of plans was the law firm’s use of the word ‘terrorist’ while describing the ransomware attack. REvel posted links to emails meant to prove its claims. After that, the hackers released a statement that they made a deal with a buyer to sell the Trump information.

However, the use of the ‘terrorist’ word triggered an angry, and quick, response from the REvil ransomware operators on May 17. In a long and ranting posting on the dark web, the threat actors said that “Mr. Lawyer says that Donald has never been their client. And he says that we are bluffing. Oh well. The first part, with the most harmless information, we will post here.” That posting concluded with links to a collection of 169 emails purporting to be a small part of the ‘dirty laundry’ data the group had on President Trump.

Today, the REvil group has posted yet another update. Here’s what it had to say as far the data about President Trump was concerned: “Interested people contacted us and agreed to buy all the data about the U.S. President, which we have accumulated over the entire time of our activity.” The cybercriminals said that they were “very pleased with the deal,” but did not disclose any further information regarding either the buyer or the amount paid. If, that is, anything was actually sold at all.

And, just like that, the target changed from President Trump to aging pop star Madonna. The experts at the cybersecurity firm Emsisoft doubt there was ever anything to REvil’s claims against Trump in the first place.

“The hackers were also prevented from making any money, so they went to Plan B, removing Trump from the deal and instead auctioning off the celebs’ information separately.”

The hackers were taking advantage of Trump Derangement Syndrome, still so prevalent on the left. Who knows who paid for the bogus Trump files? Looks like they got the short end of the deal if there was anything on the files at all. Wouldn’t it be fun if surrogates of the Biden campaign spent money on a phony story?