Grubman Shire Meiselas & Sacks has a huge number of high-profile clients, including Maroon 5, Robert De Niro, Elton John, Barbra Streisand, John Mellencamp, Rod Stewart, Ricky Martin, Shania Twain, KISS, The Weeknd, Lil Wayne, and David Letterman, to name a few.
Among the companies it represents are Facebook, Activision, iHeartMedia, IMAX, Sony, Last Week Tonight with John Oliver, MTV, NBA Entertainment, New York Magazine, Tribeca Film Festival, The Spider-Man Partnership, HBO, Vice Media and Samsung Electronics.
Top-flight athletes like LeBron James, Carmelo Anthony, Sloane Stephens, Colin Kaepernick and Scottie Pippen are also on the company's client list.
The attackers gave no indication of when the site had been hit, though the limited details posted on the dark web were not there on Thursday AEDT.
REvil is also known as Sodinokibi and those who use the malware to stage attacks follow what is now becoming a common practice of first exfiltrating data, and then encrypting it on-site.
Publication of the exfiltrated data, in stages, is then used to put pressure on the victim to pay up.
The people behind the attack indicated that they would be releasing up to 756GB of data progressively, in nine staged releases.
Grubman Shire Meiselas & Sacks has no media contact address.
Contacted for comment, Brett Callow, security researcher at New Zealand-headquartered Emsisoft, said: “Data exfiltration cases represent a significant risk to law firms’ clients. The stolen information can be used for blackmail, spear phishing or sold to other criminals on the dark web.
"This is not the first incident of its kind; other law firms have had their data, and their clients’ data, exfiltrated on either the clear or the dark web and each incident resulted in extremely sensitive data being exposed."
Callow said most ransomware attacks succeeded because of basic security failings.
"This is not acceptable, and especially in the case of organisations such as law firms and healthcare providers which handle extremely sensitive information," he added. "Bottom-line: both public and private sector organisations need to do more to protect the data with which they are entrusted.”