In their continued effort to make ransomware more painful, many criminal ransomware groups have recently turned to auctioning off data they have stolen to the highest bidder. Groups like REvil, Sodin, or Sodinokibi are known to be engaging in this type of data dissemination.

They start by releasing small amounts of specific information to prove what information they obtained during the cyber-attack, and then proceed to threaten that more could be released. They will attempt to get the main owner to pay a ransom to both unlock their data and prevent the disclosure. But, if the owner doesn’t pay or doesn’t want to pay enough, the ransomware operators are turning to a public auction.

These ransomware groups aim for content that is of the highest importance to potential buyers: financial transactions, insurance data, scanned images of driver’s licenses belonging to the company’s customers, employee emails, confidential data from conference calls, and other personal statements. This data is something you are obligated to protect.

A ransomware attack today is especially tough for companies during a time where they may have already encountered coronavirus-caused financial struggles. No company wants to face these exponential struggles, so it is vital to prevent this from happening to yours. A small investment in security can go a long way to prevent something like this from happening to you.

A robust security program will include the following capabilities and technology:

  1. A 24/7/365 Security Operations Center (SOC) to stop cyber threats at any time
  2. User Behavior Monitoring to protect your weakest link, your employees
  3. Malware Prevention to prevent intrusions and ransomware
  4. Threat Intelligence to continuously monitor the dark web
  5. Cloud SIEM (Security Information Event Management) to correlate data across your IT environment
  6. EDR (Event Detection and Response) to gain advanced visibility onto computer systems regardless of location
  7. Managed Incident Handling to ensure that when an event happens it is properly responded to

For more information on how to protect your environment, visit or email [email protected] to speak with a cybersecurity professional.

24/7 Breach Response: 833.997.7327