Debit Card Data Auctioned on Dark Web After Ransom Goes Unpaid

Published at: June 23, 2020

The REvil ransomware gang is auctioning off sensitive information stolen from debit card services provider Interacard.

According to REvil’s website, the information is available in an auction listing published by the group. All prospective bidders are required to pay using Monero (XMR).

REvil has previously auctioned data only in cases where its name-and-shame tactics failed to extract payment from a targeted company. That does not appear to be the case this time, however.

Hypothesis behind going directly to the auction stage

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, provided some possible reasons behind REvil’s tactics:

“In this case, REvil appears to have bypassed their usual name-and-shame strategy and gone directly to the auction stage. The group may have done this in the belief that the data is worth more than the company would be willing to pay, or the data could have been obtained in an attack that occurred prior to them launching their leak site in February of this year. If the group is now auctioning data from older incidents, that would obviously be bad news for any companies which were attacked by REvil prior to February. Their data could soon be put up for auction.”

If it’s true that the ransomware gang is merely auctioning data from old attacks, Callow believes that companies attacked between April 2019 (when the ransomware was first identified) and February 2020 (when the group launched their website) are now at risk of having their data publicly leaked.

Details of the sensitive information leaked

The auction lists databases, documents from HR and accounting, technical documentation, customer information, and Point of Sale, or POS, firmware sources and builds.

According to the listing, the auction starts at $100,000 and has less than four days remaining as of press time. It is not clear whether REvil will leak the data once the countdown finishes.

REvil recently launched another series of attacks against three companies in the U.S. and Canada. The companies are well-known Canadian accounting firm Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store.
