Ransomware Gang Strikes Again with More Auctions Listing Stolen Data

Ransomware group REvil has started another auction on the dark web listing sensitive data stolen from two US-based law firms.

The listing appeared June 6 through REvil’s official blog on the darknet, where bidders look to acquire 50GB of data from Fraser Wheeler & Courtney LLP and 1.2TB of data from the database of Vierra Magen Marcus LLP.

Source: Brett Callow of Emsisoft

Information auctioned includes client information, internal documentation of the company, electronic correspondence, patent agreements, business plans and projects, as well as new technologies that have yet to be patented.

IP-related law firm among the victims

The law firm Vierra Magen Marcus LLP specializes in intellectual property law. According to REvil, the company’s clients include more than 650 technology companies and individuals, with clients such as Asus, Toshiba, Seagate, Nissan, LG, Silicon Valley startups and “more big companies.”

The starting price for the Fraser Wheeler & Courtney LLP listing is $30,000, to be paid in Bitcoin (BTC) in less than a week, or the group threatens to publicize the data, according to the countdown displayed as of press time.

Possible motivations behind auctions

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, commented that REvil began auctioning data after failing to extract payment from Grubman Shire Meiselas & Sacks, the law firm representing Madonna. He added the following:

“I suspect that the primary purpose of the auctions is not to create revenue, but to up the ante for future victims. The prospect of data being auctioned and sold to competitors or other criminal enterprises may worry companies far more than it simply being posted on an obscure Tor site and so provide them with an additional incentive to pay the demand.”

Callow cautions that ransomware has morphed into a multi-billion dollar industry in which tactics are becoming ever more extreme and the amounts demanded ever higher. He noted, “They’re fast becoming apex predators.”

The threat analyst said the following about what companies must do to contain ransomware attacks:

“The only way to reverse this trend is to cut off the flow of cash, and that means companies must stop paying ransoms. If this does not happen, attacks will continue and become ever more sophisticated and hard to defend against.”

Cointelegraph reported on June 7 on a study by digital forensics firm Crypsis Group that revealed a rise in the ransoms demanded by ransomware attackers, with the amounts growing by 200% from 2018 to 2019.
