On June 2, 2020, the operators of the REvil ransomware, also known as Sodinokibi, created a new auction site to sell their victims’ stolen data to the highest bidder. The REvil operators started a new section on their data leak site “Happy Blog,” which was used to conduct auctions. At the time of writing, the ransomware operators are selling the stolen data of the two companies. The first is a US food distributor, Sherwood, whose auctioned data has a starting price of $100,000 USD and can be bought immediately for $200,000 USD. The second victim is an unspecified Canadian agricultural company whose data starts at $50,000 USD and has a buy it now price of $100,000 USD. In May 2020, the REvil operators also leaked the data of celebrity law firm Grubman Shire Meiselas & Sacks (GSMLaw) after the ransom was not paid. As part of these leaks, the threat actors claimed to have data about President Trump and later claimed that they had sold the President’s Data for $1,000,000 USD. Additionally, the threat actors also stated that they would sell the private legal documents of Madonna. Nuspire recommends organizations use the following mitigation against the ransomware attacks.
-Maintain up-to-date next-gen endpoint protection with antivirus signatures and engines.
-Keep operating system patches up-to-date.
-Restrict users’ permissions to install and run unwanted software applications.
-Provide phishing and social engineering awareness training to employees.
-Use a dedicated email service with strong malware filtering.