Date: 2020-06-02

Ransomware operators say they are auctioning off victims' confidential data in an attempt to further pressure them to pay high fees for its safe return.

Happy Blog, a dark web site maintained by the criminals behind the ransomware known as REvil, Sodin, and Sodinokibi, began the online bidding process on Tuesday. Previously, the group released limited details of selected victim data and threatened to publish additional confidential material if the owners did not pay. In addition to stealing the data, the group also encrypts it so that the owners can no longer access it.

The combination of threatening to publish the data while also locking it away from its rightful owner is designed to increase the chances of a payment. The new tactic increases the pressure, possibly because past practices have not yielded the desired results. The ransoms demanded are often high, sometimes in the millions of dollars. The affected companies have also been reluctant to encourage further attacks by rewarding the people behind them. Added to this reluctance are new financial pressures caused by the coronavirus pandemic.

At the time of publication, Happy Blog was announcing data auctions for two companies. One is described as a food and harvest dealer. The auction promises more than 10,000 files containing confidential cash flow analysis, dealer data, commercial insurance content, supplier information, and scanned images of driver's licenses belonging to people in the company's distribution network.

The other auction claims to deliver "accounting documents and accounts, plus a lot of important information that may be valuable to competitors or interested parties." The auctioneers say it came from a Canadian agricultural crop production company (we are not naming any of the alleged victims).

An auction page accompanying the latter company shows what is supposed to be a small sample of data, including employee emails, confidential notes documenting conference calls, an employee's personal wealth statement, and other documents. The auction claims to cover more than 22,000 files in PDF, DOCX and XLSX formats. The minimum bid is $50,000 and a "shelling" price is $100,000. The fees in both auctions are payable in the Monero digital currency.

Auctions are a new tactic that the REvil gang recently hinted could begin. The hint came after the group released evidence that it hacked into a prominent law firm and stole confidential information belonging to a variety of its famous clients. One of those clients is alleged to be Madonna. One of the auction pages on Tuesday seemed to allude to this hint by saying: “And we remember the Virgin and other people. Soon.”

The scourge of ransomware has thrived because it provides hackers with an easily monetized crime in which victims pay the attackers directly (assuming they pay). The anonymity of digital currencies like Monero also plays a key role in the success and persistence of ransomware. The new high-pressure tactic suggests that while the crime has staying power, it can still be difficult to obtain payment.