Getting hit with ransomware is crippling for many businesses, especially if the response is not handled correctly. 2020 has been the year of extortion where many large companies, including Michigan State, fell prey to ransomware such as Maze, Doppelpaymer, and Snake variants that posted their data to an onion site as soon as the ransom was not paid. REvil ransomware, this past week, raised the stakes when instead of posting the data that was stolen, they auctioned it to the highest bidder.

Earlier this week, REvil ransomware group (creators of Sodinokobi) began posting on an onion site about its first auction. This “store” allegedly holds valuable information to include PHI, PII and accounting documents. 22,000 files’ starting price was $50,000.

This is not the first time REvil has made this threat before, and no substantial evidence of selling data in the past has been found. Furthermore, REvil’s motive behind this is not clear, but likely this is the next step in making as much money off of a ransomed company as possible, likely securing payment from each company hit.

SpearTip is closely monitoring cyber criminals and their shift in technique. After they have stolen your data, just encrypting your network doesn’t leave them satisfied. Obtaining enough information to be able to receive a large sum of money keeps them motivated. This is why after your data is in their possession, they auction it off.

This type of incident places extreme importance on proper forensic imaging and analysis post incident. Being able to effectively say whether data was stolen from an environment or not is the difference, many times, between notifying all of your customers and performing no notifications at all. Also, having a strong counterintelligence team allows partners to validate if information is actually being sold, or if this is just another copycat attack.

To begin preparation for a cybersecurity incident before it happens, and to avoid business disruption, brand reputation and headline news, email [email protected] to partner with SpearTip’s cybersecurity experts.

24/7 Breach Response: 833.997.7327