Being struck by ransomware used to mean that data would be lost forever unless you paid up. Those days are long gone. Today ransomware gangs are also stealing their victims’ data… and in some cases auctioning it off on Dark Web markets.
The hackers behind the REvil or Sodinokibi ransomware have siphoned off terabytes of data from the systems they’ve infected. When victims aren’t willing to meet ransom demands, the REvil gang is more than willing to use alternative means to profit from their attacks.
Researchers at Cyberint published a report this week that sheds light on this new approach. Once it’s clear that a victim is not going to pay, the stolen data is put up for auction. Anyone who wants to bid can do so anonymously. No proof of identity is required, just a successful completion of a CAPTCHA challenge.
Whose data is being auctioned off? So far, Cyberint has spotted a handful of listings. There was a trove of documents from a major U.S. food distributor with a starting price of $100,000. A 50 gigabyte cache of sensitive files from a U.S. law firm was priced at $30,000.