Malicious actors behind REvil ransomware have launched an auction site to sell data stolen from networks of companies they compromised.
On Tuesday, the group began the online bidding process on its dark web site "The Happy Blog", posting samples of data allegedly belonging to Canadian firm Agromart Group and a U.S. food distributor.
Agromart Group has been hacked last month, but chose not to pay the ransom. The hackers claim that Agromart’s data available for auction includes scanned copies of the company's financial accounts, agreement forms and credit applications, as well as personal net worth documents and age records of the users. The auction of Agromart’s data starts at $50,000 and has a 'buy-now' price of $100,000.
In case of the U.S. food distributor the data being auctioned has a starting price of $100,000, however, those interested can by it immediately for the "Blitz price" of $200,000, according to Bleeping Computer.
The hackers said individuals who want to partake in the auction, need to register for each auction separately and make a deposit of 10% of the starting price. If the bidder fails to pay bid after winning the auction, they lose their deposit. All computational operations will be performed in the cryptocurrency Monero, the group said.
REvil (aka Sodinokibi or Sodin) is a ransomware operation that compromises companies networks using spam, exploits, exposed remote desktop services and hacked managed service providers (MSPs). The gang mostly targets big companies and leaks stolen data if the victim refuses to pay ransom demand.