The operators of the REvil ransomware are selling sensitive information, which they stole from victim companies, in an auction held on the dark web. Krebs on Security reported that the group has been extorting victims to no avail and has therefore resorted to auctions for profit.
The ransomware, which is also called Sodin and Sodinokibi, was used to steal confidential data from various organizations, including a Canadian agricultural production firm. The firm's data has been acquired by a successful bidder, who will receive 3 databases and over 22,000 files.
The price for the sensitive information starts at $50,000, with a minimum deposit of $5,000 in cryptocurrencies. The auction came after the gang failed to extort money from the agricultural company.
Aside from the Canadian firm, the perpetrators have also threatened to auction off data stolen from New York-based celebrity law firm Grubman Shire Meiselas & Sack, particularly data related to Madonna, according to reports by Infosecurity Magazine.
Other celebrities handled by the firm include LeBron James and Mariah Carey. Upon the company’s refusal to pay, the group leaked 2GB of info regarding Lady Gaga contracts. The law firm still has not paid the ransom.
The group claims to have “a ton of dirty laundry” on current US President Donald Trump, which it says was later sold off to a private bidder.
According to experts, the malicious party may be feeling the effects of the financial crisis experienced by victims due to the recent economic slowdown caused by the virus pandemic. Companies are refusing to submit to extortion attempts because they are struggling financially.
A report by Chainalysis revealed that ransomware payments “have decreased significantly” since the pandemic.
Meanwhile, some say that the auction could be another ploy to extort victims. BleepingComputer editor Lawrence Abrams noted that the REvil group could have taken this route to compel the victim to pay the ransom.
Abrams explains that a lot of companies have funneled resources toward backup storage, which means that there is no need to pay the criminals to recover their data. However, if they see their info being auctioned, they might consider paying the ransom to prevent the sale.
Other ransomware groups have gone further to increase their profits by charging victims twice: once for the recovery of info and again for the permanent deletion of the data on the part of the criminals.