REvil’s ransomware gang is launching an auction of stolen data, including legal information hacked from Madonna.
The ransomware gang REvil has launched an auction feature on the dark web in the past 24 hours, starting with the stolen data from a Canadian company and threatening to auction off information hacked from famous singer Madonna next.
Cointelegraph accessed information from the first auction campaign conducted by REVil, who detailed that the Agromart Group is the “first batch” of data to be put up for auction, which is the data stolen after a ransomware attack.
Madonna’s data auction threat
At the bottom of the list, the ransomware gang warned Madonna and “other people” that they could be the next victims of future auction listings in their campaign.
The reference to Madonna is related to her latest ransomware attack on a high-profile New York entertainment law firm — first reported by Cointelegraph — which represents the private legal affairs of dozens of the world’s biggest music stars and world cinema, including Lady Gaga, Elton John and Robert DeNiro.
An initial price in Bitcoin (BTC) or any other crypto has not been disclosed as of press time.
According to the details, scanned copies of Agromart’s financial accounts, personal net worth documents, aging report of records of their users, company’s credit application and agreement form, among others, are among the data included in the REvil’s campaign.
Ransomware gangs are getting sophisticated with their attacks
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Remsisoft, and one of the first experts to unveil the new move by the ransomware gang, said that companies in this situation have no good option available to them.
He added the following about the sophistication of recent ransomware attacks:
“The tactics used by ransomware groups are becoming ever more extreme, and this was a logical progression. It enables the criminals to monetize stolen data while also serving as a warning to other companies regarding the consequences of non-compliance.”
Callow believes that although ransomware groups have sold and traded data in the past, this is the first time that hacked information is being auctioned under a somewhat formalized process. The ransomware expert commented on the following:
“I suspect the auctions are more about applying additional pressure to other victims than they are making money. It’s just one more way that the criminals can strike fear into companies.”
Recent REVil’s ransomware attacks
The REvil gang has starred in a few attacks recently, aside from the law firm. Cointelegraph reported on December 5 about a ransomware attack perpetrated against Texas-based data center provider CyrusOne.
Also, on May 22, a report from the UK-based cybersecurity firm Sophos released reports of a new method of human-operated ransomware attack launched by groups like REvil.