REvil ransomware gang launches auction site to sell stolen data

Ransomware gang takes extortion to a whole new level. Threatens to auction Madonna's legal documents in a future auction.
Written by Catalin Cimpanu, Contributor

The operators of the REvil (Sodinokibi) ransomware gang have launched today an eBay-like auction site where they plan to sell data stolen from the companies they hack.

The auction portal is the latest trick in REvil's big bag of extortion tactics, and again confirms their role as trend-setter in the ransomware community.

Today, the REvil gang is known to be one of the most active and aggressive ransomware operations. They never target home consumers, but focus primarily on corporate targets.

They use exploits in network appliances to breach enterprise networks, where they encrypt the victim's files and ask for astronomical extortion fees (with their average demand being ~$260,000, as estimated earlier this year).

The REvil gang also operates a "leak site" on the dark web, where they publish teasers of stolen files, and then the whole stolen data, if victims don't pay their desired extortion fee.

However, in a blog post on their leak site today, the group announced the launch of a new "auction" feature that will allow the group to monetize the stolen files instead of releasing them for free, as they did until now.

The first auction is made up of files stolen from a Canadian agricultural company, hacked and encrypted last month, but which chose not to pay the ransom demand.

The company's files are being auctioned from a starting price of $50,000, payable in the Monero cryptocurrency, a cryptocurrency to which the REvil gang switched from Bitcoin in back in April, citing anonymity and privacy concerns.

However, while the Canadian company is the first REvil victim to have its files put up for auction, the idea for the new auction feature appears to have formed in the minds of the REvil gang during their ongoing extortion of a New York law firm that represents celebrities.

While trying to ante up the pressure on the NY law firm, in a blog post last week, the REvil gang threatened to hold an auction for Madonna's private legal documents.

While Madonna files have not been put up for an auction just yet, the REvil gang said today that they "remember Madonna and other people," suggesting that her files will soon be published too, as well as other files stolen from the NYC law firm.

Image: ZDNet

The FBI's most wanted cybercriminals

Editorial standards