3 June 2020

REvil ransomware group announces its first ever stolen data auction


REvil ransomware group announces its first ever stolen data auction

Malicious actors behind REvil ransomware have launched an auction site to sell data stolen from networks of companies they compromised.

On Tuesday, the group began the online bidding process on its dark web site "The Happy Blog", posting samples of data allegedly belonging to Canadian firm Agromart Group and a U.S. food distributor.

Agromart Group has been hacked last month, but chose not to pay the ransom. The hackers claim that Agromart’s data available for auction includes scanned copies of the company's financial accounts, agreement forms and credit applications, as well as personal net worth documents and age records of the users. The auction of Agromart’s data starts at $50,000 and has a 'buy-now' price of $100,000.

In case of the U.S. food distributor the data being auctioned has a starting price of $100,000, however, those interested can by it immediately for the "Blitz price" of $200,000, according to Bleeping Computer.

The hackers said individuals who want to partake in the auction, need to register for each auction separately and make a deposit of 10% of the starting price. If the bidder fails to pay bid after winning the auction, they lose their deposit. All computational operations will be performed in the cryptocurrency Monero, the group said.

REvil (aka Sodinokibi or Sodin) is a ransomware operation that compromises companies networks using spam, exploits, exposed remote desktop services and hacked managed service providers (MSPs). The gang mostly targets big companies and leaks stolen data if the victim refuses to pay ransom demand.


Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024