REvil ransomware operators launched auction site to sell stolen data

Written by Emma Davis

The ransomware operators REvil (Sodinokibi) have launched an auction site similar to eBay, where they plan to sell data stolen from hacked companies.

Recall that REvil operators are currently known as one of the most active and aggressive extortionist groups, whose operations are aimed at corporate targets.

After hacking companies, the ransomware operators steal and then encrypt victims' files and demand huge ransoms. On average, hackers extort $260,000 from companies.

“REvil also has its own darknet website, where ransomware publishes ‘samples’ of files stolen from companies, as well as full dumps with stolen data if victims refuse to pay,” reported Bleeping Computer journalists.

Now the group has announced on its blog that it is launching new functionality on the site and opening its own auction, which will allow it to monetize the stolen data rather than publish it for free, as the hackers have done so far.

The first lot at the hacker auction will be files stolen from a Canadian agricultural company that was hacked last month and refused to pay a ransom. The starting price for the data will be $50,000, and the winner will have to pay in the Monero cryptocurrency, which REvil operators switched to in April, considering Bitcoin not safe enough.

To bid, a participant needs to register separately for each auction and, after registration, make a deposit of 10% of the starting price of the lot. The operators promise that this sum will be returned at the end of the auction.

[Image: Auction interface]

Apparently, the hackers came up with the idea of creating their own auction after hacking the law firm Grubman Shire Meiselas & Sack, which held data on dozens of world stars, including Madonna, Lady Gaga, Elton John, Robert De Niro, Nicki Minaj, U2 and others.

In May 2020, the attackers had already promised to auction information related to Madonna, saying that the starting price of the “lot” would be $1,000,000. Now the REvil operators write that they remember this and will soon fulfill their promise. However, apparently something went wrong with the stolen “data” of Donald Trump.

By the way, some information security researchers believe that REvil is a rebranding of GandCrab.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
