A New York City law firm that represents superstar musicians such as Lady Gaga, Elton John and Madonna has allegedly been hit with a ransomware attack that threatens to expose celebrities’ privileged legal information.

Attackers have posted images of documents and file folders to the leak site for the REvil ransomware that appear to be from the firm. The attackers indicate that additional documents taken from the firm will be posted if the ransom is not paid, including contracts, telephone numbers, emails, personal correspondence, NDAs, and more.

Ransomware attackers use the threat of releasing stolen data to extort payment from victims. They often publish small amounts of data as proof of the attack, and then gradually more in stages if the ransom is not paid.

The firm has not responded to a request for comment.

One image shows was seems to be part of a contract related to Madonna’s now-cancelled Madame X Tour.  The contract is purportedly between Live Nation and an individual employee of the tour. The name shown matches the name of a carpenter listed on the tour’s credits page. The image — which I’ve cropped to protect the employee’s identity — includes the employee’s Social Security number.

The firm’s website describes it as “one of the premier entertainment and media law firms in the country.” The site lists dozens of entertainers and authors as clients, including Barbra Streisand, OutKast, Rod Stewart, Bette Midler, Shania Twain, Bruce Springsteen, and U2.

Its client list also includes actors Robert De Niro, Kate Upton and Meg Ryan; media figures Barbara Walters, Gayle King and David Letterman, and prominent lawyers David Boies and Ted Olson.

The law firm did not respond to my requests for comment.

According to Brett Callow, a threat analyst with cybersecurity company Emsisoft, it is unlikely that the attackers would claim to have this data if they had not in fact obtained it.

“I’ve never encountered a case of a ransomware group having falsely claimed to have obtained data,” Callow said. “Wouldn’t help their cause. Whether they have as much data as they claim to is another matter.”

In addition to the contract image, the attackers also posted what appears to be a screenshot of a computer file-folder structure. The folders bear names including Lady Gaga, Madonna, Mariah Carey, Mary J. Blige, Nicki Minaj, Jessica Simpson, and others.

Second New York Firm Attacked

Assuming the attack occurred, it would be the second ransomware attack against a New York law firm in as many weeks.

In April, attackers using the Ragnar Locker ransomware posted documents from a firm that describes itself as one of the largest general practice firms in the Hudson Valley.

Saying the firm had not responded to their ransom demand, the attackers posted documents purportedly containing law firm security data, documents and contracts, and QuickBooks data.

They said that was just a small portion of what they had downloaded, and that they also had information about the firm’s clients, partners, lawsuits, agreements and salaries.

Included in the document dump were the firm’s employees passwords.

That firm also did not respond to my requests for comment.

Ransomware Attacks Hit Three Law Firms in Last 24 Hours