The REvil ransomware gang has auctioned sensitive data after a card services provider Interacard, who failed to cover their ransom.
It has been reported that the information is available in an auction listing published by the group, as all prospective bidders are required to pay using Monero (XMR).
However, REvil has previously only auctioned data in cases where their name-and-shame tactics fail to extract payment from a targeted company. But, that does not appear to be the case this time.
Brett Callow, the threat analyst at malware lab Emsisoft, said:
“In this case, REvil appears to have bypassed their usual name-and-shame strategy and gone directly to the auction stage. The group may have done this in the belief that the data is worth more than the company would be willing to pay, or the data could have been obtained in an attack that occurred prior them launching their leak site in February of this year. If the group is now auctioning data from older incidents, that would obviously be bad news for any companies which were attacked by REvil prior to February. Their data could soon be put up for auction.”
If it’s true that the ransomware gang is merely auctioning data from old attacks, Callow believes that companies attacked between April 2019 (when the ransomware was first identified) and February 2020 (when the group launched their website) are now at risk of having their data publicly leaked.
As per the report, the auction lists databases, documents from HR and accounting, technical documentation, customer information, and Point of Sale, or POS, firmware sources, and builds.
Thus, according to the listing, the auction starts at $100,000.