Ransomware Gang Strikes Again With More Auctions Listing Stolen Data

Published at: June 8, 2020

Ransomware group REvil has started another auction on the dark web listing sensitive data stolen from two US-based law firms.

The listing appeared June 6 through REvil’s official blog on the darknet, where bidders look to acquire 50GB of data from Fraser Wheeler & Courtney LLP and 1.2TB of data from the database of Vierra Magen Marcus LLP.

Information auctioned includes client information, internal documentation of the company, electronic correspondence, patent agreements, business plans and projects, as well as new technologies that have yet to be patented.

IP-related law firm among the victims

The law firm Vierra Magen Marcus LLP specializes in intellectual property law. According to REvil, the company’s clients include more than 650 technology companies and individuals, with clients such as Asus, Toshiba, Seagate, Nissan, LG, Silicon Valley startups and “more big companies.”

The starting price for the Fraser Wheeler & Courtney LLP listing is $30,000, to be paid in Bitcoin (BTC) in less than a week; otherwise, the group threatens to publicize the data, according to the countdown displayed as of press time.

Possible motivations behind auctions

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, commented that REvil began auctioning data after failing to extract payment from Grubman Shire Meiselas & Sacks, the law firm representing Madonna. He added the following:

“I suspect that the primary purpose of the auctions is not to create revenue, but to up the ante for future victims. The prospect of data being auctioned and sold to competitors or other criminal enterprises may worry companies far more than it simply being posted on an obscure Tor site and so provide them with an additional incentive to pay the demand.”

Callow cautions that ransomware has morphed into a multi-billion dollar industry in which tactics are becoming ever more extreme and the amounts demanded ever higher. He noted, “They’re fast becoming apex predators.”

The threat analyst said the following about what companies must do to contain ransomware attacks:

“The only way to reverse this trend is to cut off the flow of cash, and that means companies must stop paying ransoms. If this does not happen, attacks will continue and become ever more sophisticated and hard to defend against.”

Cointelegraph reported on June 7 on a study by digital forensics firm Crypsis Group that revealed a rise in the ransoms demanded by ransomware attackers, with the amounts growing by 200% from 2018 to 2019.
