Ransomware Group Threatens Auction of Madonna's Legal Data

Published at: June 2, 2020

The ransomware gang REvil has launched an auction feature on the dark web in the past 24 hours, starting with the stolen data from a Canadian company and threatening to auction off information hacked from famous singer Madonna next. 

Cointelegraph accessed information from the first auction campaign conducted by REVil, who detailed that the Agromart Group is the “first batch” of data to be put up for auction, which is the data stolen after a ransomware attack.

Madonna’s data auction threat

At the bottom of the list, the ransomware gang warned Madonna and “other people” that they could be the next victims of future auction listings in their campaign.

The reference to Madonna is related to her latest ransomware attack on a high-profile New York entertainment law firm — first reported by Cointelegraph — which represents the private legal affairs of dozens of the world’s biggest music stars and world cinema, including Lady Gaga, Elton John and Robert DeNiro.

An initial price in Bitcoin (BTC) or any other crypto has not been disclosed as of press time.

According to the details, scanned copies of Agromart’s financial accounts, personal net worth documents, aging report of records of their users, company’s credit application and agreement form, among others, are among the data included in the REvil’s campaign.

Source: Remsisoft

Ransomware gangs are getting sophisticated with their attacks

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Remsisoft, and one of the first experts to unveil the new move by the ransomware gang, said that companies in this situation have no good option available to them. 

He added the following about the sophistication of recent ransomware attacks:

“The tactics used by ransomware groups are becoming ever more extreme, and this was a logical progression. It enables the criminals to monetize stolen data while also serving as a warning to other companies regarding the consequences of non-compliance.” 

Callow believes that although ransomware groups have sold and traded data in the past, this is the first time that hacked information is being auctioned under a somewhat formalized process. The ransomware expert commented on the following:

“I suspect the auctions are more about applying additional pressure to other victims than they are making money. It’s just one more way that the criminals can strike fear into companies.”

Recent REVil’s ransomware attacks

The REvil gang has starred in a few attacks recently, aside from the law firm. Cointelegraph reported on December 5 about a ransomware attack perpetrated against Texas-based data center provider CyrusOne.

Also, on May 22, a report from the UK-based cybersecurity firm Sophos released reports of a new method of human-operated ransomware attack launched by groups like REvil.

Tags
Related Posts
California University Pays Million-Dollar Crypto Ransom
The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in cryptocurrencies to the hackers behind a ransomware attack on June 1. According to CBS San Francisco, the UCSF IT staff first detected the security incident, stating that the attack launched by NetWalker group affected “a limited number of servers in the School of Medicine.” Although the areas were isolated by experts from the internal network, the hackers left the servers inaccessible and managed to deploy the ransomware successfully. A statement published by the University of California said: “The data that was encrypted is …
Technology / June 30, 2020
Well-Known Ransomware Gang Strikes Three Companies in the US and Canada
Ransomware group REvil has launched another series of attacks targeting three companies in the U.S. and Canada. As of press time, they have leaked data from two of the companies, and threatened to disclose sensitive data from the third. The companies are well-known Canadian accounting firm, Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store. First target of the week: an accounting company The gang kicked-off the week by leaking sensitive data from the Canada-based accounting company, Goodman Mintz LLP. The leak included company files, accounting and working documents of clients, …
Technology / June 17, 2020
Knoxville Is the Latest American City to Suffer a Ransomware Attack
An unidentified ransomware gang attacked the city of Knoxville, Tennessee’s IT network, forcing officers to shut down all systems on June 12. According to local news station WVLT, the attack took place sometime between June 10–11, encrypting all files within the network infrastructure. The attack forced workstations of the internal IT network to be shut down, which also disconnected internet access from the mayor’s infrastructure, public website, and even the Knoxville court. The FBI is currently assisting in the investigation, although the identity of the ransomware group behind the attack has not yet been revealed. The official statement from the …
Technology / June 15, 2020
Robotics Company Falls Prey to Ransomware Attack
Ransomware gang REvil, known for launching stolen data auctions on the dark web, is now leaking sensitive documents stolen from a US-based robotics company. According to an official blog post from REvil on June 11, the team has started leaking confidential data belonging to Symbotic LLC. The post noted: “You do not want to speak with us and you probably think that we will not publish your data. We are already publishing.” The cybercriminal group stated that they’d created a website and paid for the hosting for a year. They threatened to make the robotics company’s data visible for “a …
Technology / June 12, 2020
Report: Ransom Costs for Stolen Data Rose 200% From 2018 to 2019
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter to 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
Technology / June 8, 2020