3 June 2020

REvil ransomware group announces its first ever stolen data auction



Malicious actors behind REvil ransomware have launched an auction site to sell data stolen from networks of companies they compromised.

On Tuesday, the group began the online bidding process on its dark web site "The Happy Blog", posting samples of data allegedly belonging to Canadian firm Agromart Group and a U.S. food distributor.

Agromart Group was hacked last month but chose not to pay the ransom. The hackers claim that Agromart's data available for auction includes scanned copies of the company's financial accounts, agreement forms and credit applications, as well as personal net worth documents and age records of the users. The auction of Agromart's data starts at $50,000 and has a 'buy-now' price of $100,000.

In the case of the U.S. food distributor, the data being auctioned has a starting price of $100,000; however, those interested can buy it immediately for the "Blitz price" of $200,000, according to Bleeping Computer.

The hackers said individuals who want to take part in the auction need to register for each auction separately and make a deposit of 10% of the starting price. If a bidder fails to pay their bid after winning the auction, they lose their deposit. All computational operations will be performed in the cryptocurrency Monero, the group said.

REvil (aka Sodinokibi or Sodin) is a ransomware operation that compromises companies' networks using spam, exploits, exposed remote desktop services and hacked managed service providers (MSPs). The gang mostly targets big companies and leaks stolen data if the victim refuses to pay the ransom demand.

