REvil Ransomware Hackers Set to Auction Off Stolen Corporate Data on Dark Web
Hackers from REvil leaked a sample of stolen corporate data online. The ransomware hackers created a dark web auction site to sell stolen corporate information. The records are compromised information taken from Canadian agricultural company Agromart Group. According to cyber security researchers at Krebs on Security, the stolen information contains documents and details for Agromart Group’s last three months of operations.
REvil leaked the data on their dark web “Happy Blog,” according to cyber security researcher Brian Krebs. The hackers plan on auctioning off the data on their first-ever auction site. A screenshot of the starting price and time left was posted on their blog.
Leaking data online is becoming the norm for hacking groups as they try to pressure compromised companies to pay the ransom fee.
The opening bid is set at $50,000 but REvil plans on auctioning off the data to the highest bidder.
Cyble, a US cyber security company, examined some of the stolen data and says the data is legitimate. The compromised information contains three databases and over 22,000 files, including:
• Financial accounts
• Personal net worth documents
• Aging report of documents of their users
• Agromart Group’s credit application and agreement form
• and more
The Agromart Group provides crop nutrients, seed, crop protection products, custom application and associated services to agricultural producers across Eastern Canada.
The FBI has advised ransomware victims not to pay any ransom demands. Hackers are getting more creative with their ransom tactics because small governments and corporations have vowed not to pay any ransom to discourage future attacks. Cyber criminals may be resorting to new tactics like this auction-style extortion because it’s possible that companies like Agromart Group simply don’t have the money to pay the ransom right now.
What is REvil?
REvil is an organized group of hackers also known as Sodinokibi or Sodin.
How Do I Defend Against Ransomware Attacks?
- Patch all hardware and software as soon as updates become available. Malware attacks often take advantage of known vulnerabilities, many of which have already been resolved with security updates
- All devices including personal devices that connect to the network must also be patched and secured
- Disable macros in Microsoft Office for Word Docs and Excel files
- Maintain a backup of all systems and important data. If your network does get hacked, you will have a restore point to work with and avoid paying ransom
- Give users the bare minimum permissions to do their job. Not everyone needs admin or root access; restrict their login credentials to only the levels and permissions necessary to complete their tasks