Ransomware gang is auctioning off victims confidential data

EnlargeRichLegg/Getty Images

Ransomware operators say theyre auctioning off victims confidential data in an attempt to put further pressure on them to pay hefty fees for its safe return.

The Happy Blog, a dark Web site maintained by the criminals behind the ransomware known by the names REvil, Sodin, and Sodinokibi, began the online bidding process earlier on Tuesday. Previously, the group published limited details of selected victim data and threatened to air additional confidential material if the owners didnt pay. Besides stealing the data, the group also encrypts it so that its no longer accessible to the owners.

Combining the threat of publishing the data while simultaneously locking it from its rightful owner is designed to increase the chances of a payout. The new tactic furthers the pressure, possibly because previous practices havent yielded the desired results. The ransoms demanded are frequently high, sometimes in the millions of dollars. Affected companies have also been loath to encourage further attacks by rewarding the people behind them. Added to that reluctance are new financial pressures caused by the coronavirus pandemic.

As of publication time, the Happy Blog advertised auctions for data from two companies. One is described as a food and harvest distributor. The auction promises more than 10,000 files containing confidential cash-flow analyses, distributor data, business insurance content, vendor information, and scanned images of driver's licenses belonging to people in the companys distribution network.

The other auction alleges to turn over “accounting documents, and accounts, plus a lot of important information that may be of value to competitors or interested parties.” The auctioneers say it came from a Canadian agriculture crop production company (we are not naming either alleged victim).

An accompanying auction page for the latter company shows whats purported to be a small sample of the data, including employee emails, confidential memos documenting conference calls, a personal wealth statement of an employee, and other documents. The auction claims to cover more than 22,000 files in PDF, DOCX, and XLSX formats. The minimum offering is $50,000 and a “blitz” price is $100,000. Fees in both auctions are payable by tRead More – Source