The REvil ransomware gang has auctioned sensitive data hacked from renowned debit and credit services provider Interacard.
According to REvil’s website, the data is still available in an auction listing posted by the group. All prospective bidders are required to pay using Monero [XMR].
REvil has previously auctioned data only in cases where its name-and-shame tactics failed to extract the required payments from the targeted businesses. However, that doesn’t appear to be the case here.
Sensitive Information Of Million Users At High Risk
Brett Callow, threat analyst at malware lab Emsisoft, outlined some possible reasons behind REvil’s tactics:
“In this case, REvil appears to have bypassed their usual name-and-shame strategy and gone on to the auction stage. The group may have done this in the belief that the sensitive information would be worth more than the company itself would be willing to pay, or the data could have been obtained in an attack that occurred prior to them launching their leak site earlier in the month of February this year. If the group is now auctioning data from older incidents, this might obviously be bad news for any companies that were attacked by REvil before February. Their data could soon be put up for auction.”
If it’s true that the ransomware gang is simply auctioning data from old attacks, Callow believes that the businesses attacked between April 2019, when the ransomware was first identified, and February 2020, when the group launched its website, are now in danger of having their data publicly leaked.
Less Than 4 Days Left In Auction Countdown
The auction lists databases, documents from HR and accounting, technical documentation, customer information, and Point of Sale (POS) firmware sources and builds.
According to the listing, the auction starts at $100k and had less than 4 days remaining at the time of reporting. It’s not clear whether REvil will leak the data once the auction countdown is over.
REvil also recently launched another series of attacks against 3 renowned companies in the U.S. and Canada. The businesses include Goodman Mintz LLP, licensed real broker Strategic Sites LLC, and ZEGG Hotels & Store, along with several other Canadian accounting firms.