The operators of REvil ransomware, better known as Sodinokibi, have launched an auction website on the dark web, Happy Blog, to sell data stolen from victims who have refused to pay the ransom.
REvil is auctioning the stolen data of a U.S. food distributor and a Canadian agricultural company, at starting prices of $100,000 and $50,000, respectively. However, bidders are expected to agree to the following rules:
- To bid on an auction, you must register for each auction separately.
- After registration, you will need to make a deposit of 10% of the starting price. At the end of the auction the amount will be refunded (except for blockchain commission).
- If you have not paid your bid on the winning auction, you will lose your deposit. This is to ensure that none of the bidders make fake bids.
- All computational operations are performed in the cryptocurrency Monero (XMR).
- By clicking Continue you confirm that you agree to the terms above. You will be given a username/password and details of deposit payment.
In their auction website announcement, the REvil operators hinted that other auctions are coming soon.
REvil has claimed dozens of high-profile victims, including healthcare facilities and local governments. Furthermore, its distributors’ toolkit has expanded well beyond leveraging unpatched software flaws to gain a foothold in computer networks. It follows a Ransomware-as-a-Service (RaaS) model, and the ransoms raked in by the crooks reportedly reach hundreds of thousands of dollars per compromised organization.
REvil’s Online Auction Threats
REvil operators recently carried out a cyberattack on New York-based law firm Grubman Shire Meiselas & Sacks, a premier entertainment and media law firm handling the legal profiles of Hollywood A-listers. In the attack, the cybercriminals claimed to have stolen nearly 756 GB of data belonging to several high-profile celebrities such as Lady Gaga, Elton John, Robert De Niro, and Madonna. The attackers also threatened to hold an online auction of pop sensation Madonna’s stolen data at a reserve price of $1 million.
REvil Amid COVID-19
The operators also targeted California-based biotechnology company 10x Genomics to steal sensitive information, as the firm is part of an international alliance sequencing cells from patients who have recovered from the coronavirus.