REVil Group Opens Auction for Stolen Law Firm Data

The REvil ransomware group has been on a particularly damning string of cyber terrorism acts, and it doesn’t appear to be stopping anytime soon. Now, the ransomware group appears to be selling off the trove of sensitive data that it has stolen over time, as it looks to make some quick cash. 

Pay Up or Be Exposed

Late yesterday,Krebs On Security reported that REvil had started an auction on the Dark Web and was offering data that it had gotten from various law firms across the United States. As the industry news source confirmed, the listing appeared over the weekend on REvil’s official blog. 

After an analysis, Cointeglegraph found that REvil was offering as much as 50GB in data from Fraser Wheeler & Courtney LLP, a Lake Charles, Louisiana-based law firm. The ransomware group is also selling up to 1.2 TB worth of data that it got from Daly City, California-based Vierra Magen Marcus LLP.

The information being sold includes internal company documents, client information, patent agreements, electronic correspondence, business plans, and technology projects awaiting patents.

REvil has set a starting price of $30,000 for the listing on Fraser Wheeler & Courtney LLP’s data. All bidders are to pay in Bitcoin, and the ransomware has threatened to publicize the data within a week if it doesn’t get any bids.

A Good Year for Ransomware Companies

REvil has had an absolute reign of terror in the past few weeks. The ransomware group has targeted a wide array of individuals and companies, taking advantage of the ongoing pandemic to target possible vulnerable networks and steal their data.

Early last month, the ransomware group successfully attacked the database of Grubman Shire Meiselas & Sacks, a New York entertainment law firm that has links to some of the world’s biggest stars.

At the time, the company threatened to release confidential information on names such as Madonna, Lady Gaga, Robert DeNiro, and Elton John. REvil confirmed that it had stolen up to 750 GB worth of data from the firm, including confidential contracts, telephone numbers, email addresses, personal correspondence, non-disclosure agreements, and more.

This month, the attacks have continued. It began with an auction for data stolen from a Canadian company on June 2, the same day the ransomware group threatened to publicize the data that it had on Madonna.

According to reports at the time, REvil has warned that it would be releasing more information soon. Considering the amount of data that it now purportedly controls, it’s unclear how much damage it could possibly do to its victims.

Of course, REvil isn’t the only ransomware group to be making bank at this period. On Sunday, digital forensics firm, Crypsis Group published its 2020 Incident Response and Data Breach Report, which showed that the amounts paid to ransomware groups have surged by as much as 200 percent in the last three years.

As the report showed, the median amount of funds that ransomware groups demand is $115,123. This is consistent with attackers’ shift to enterprise-target ransomware, since companies are more capable of paying higher sums.

The report also showed that several particular ransomware – including Ryuk, REvil, and Phobos – have become especially popular in the space.