The operators of the REvil (Sodinokibi) ransomware gang have launched today an eBay-like auction site where they plan to sell data stolen from the companies they hack.
The auction portal is the latest trick in REvil's big bag of extortion tactics, and again confirms their role as trend-setter in the ransomware community.
Today, the REvil gang is known to be one of the most active and aggressive ransomware operations. They never target home consumers, but focus primarily on corporate targets.
They use exploits in network appliances to breach enterprise networks, where they encrypt the victim's files and ask for astronomical extortion fees (with their average demand being ~$260,000[1], as estimated earlier this year).
The REvil gang also operates a "leak site" on the dark web, where they publish teasers of stolen files, and then the whole stolen data, if victims don't pay their desired extortion fee.
However, in a blog post on their leak site today, the group announced the launch of a new "auction" feature that will allow the group to monetize the stolen files instead of releasing them for free, as they did until now.
The first auction is made up of files stolen from a Canadian agricultural company, hacked and encrypted last month, but which chose not to pay the ransom demand.
The company's files are being auctioned from a starting price of $50,000, payable in the Monero cryptocurrency, a cryptocurrency to which the REvil gang switched from Bitcoin in back in April, citing anonymity and privacy concerns.
However, while the Canadian company is the first REvil victim to have its files put up for auction, the idea for the new auction feature appears to have formed in the minds of the REvil gang during their ongoing extortion of a New York law