REvil Ransomware Creates eBay-like Auction Site For Stolen Data – Experts Comments

The operators of the REvil ransomware have launched a new auction site used to sell victims’ stolen data to the highest bidder. REvil, otherwise known as Sodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services, spam, exploits, and hacked Managed Service Providers. Once established on a network, the operators quietly spread laterally through the company while stealing unencrypted data from workstations and exposed servers.

EXPERTS COMMENTS
Martin Jartelius, CSO, Outpost24
June 04, 2020
It’s the age old – How to monetize from the breach problem. If you are using ransomware, the one paying is the information owner, it is relatively straightforward and does not require an understanding of the local language, of the industry targeted or the information obtained. The other option, targeting specific information, identifying it, exfiltrating it, and finding a private buyer, is te ....
Robert Ramsden Board, VP EMEA, Securonix
June 04, 2020
REvil ransomware is the same strain that was used when the A-list law firm Grubman Shire Meiselas & Sacks was breached last month. The fact that this cybercriminal gang has set up a site to auction exfiltrated data just proves how valuable information in today’s digital society is. From personal information (in this instance Madonna and other celebrities) to corporate data, such as a US food dis ....
Jake Moore, Cybersecurity Specialist, ESET
June 04, 2020
Cyber criminals have clearly been financially affected by the pandemic as many groups have changed their income generation tactics in recent months. Whether it is due to a lack of ransoms being paid, or whether finally the message has got through about backing up data correctly, these cyber criminal gangs are changing tack to generate more cash where they can. They now seem to attempt more ext ....
Jamie Akhtar, CEO and Co-founder, CyberSmart
June 04, 2020
As employees continue to work remotely, companies run the risk of exposing their corporate networks in a variety of new ways. It's important that businesses educate their employees on safe remote working practices in the same way they established secure work environments in the office. Stopping the spread of ransomware as soon as it is detected is also critical. If someone on the team suspects the ....
Niamh Muldoon, Senior Director of Trust and Security, EMEA, OneLogin
June 04, 2020
Ransomware brings organizations to a stop causing havoc. Organizations can proactively defend against Ransomware by having crisis management in place that practices scenarios involving Ransomware. Key learnings come from crisis management table top exercises including business continuity gaps. That this particular ransomware uses an auction system will only make it profitable, and therefore more ....
