Ransomware Gang Auctions Off Stolen Business Data

A prevalent cybercriminal group has started auctioning off stolen data. Do you know how to keep your data off the market?

It’s no longer enough to hold a company at ransom for their own data – now, cybercriminals are publicly shaming them for failing to pay up by auctioning off their data on the dark web.

Infamous cybercriminal group REvil, which has been attacking companies since last year, has recently escalated their efforts to profit off of private data by holding dark web auctions. The group announced that they would sell data stolen from a Canadian agricultural production company that failed to pay the ransom.

At a minimum deposit of $5000 in virtual currency, and a starting bid of $50,000, the auction’s winner will get three databases and more than 22,000 files stolen from the agricultural company. This attempt to auction off stolen data suggests that cybercriminals aren’t making as much as they’re used to through conventional ransomware scams, likely due to the COVID-19 pandemic.

On the other hand, this could be yet another tactic to pressure the victim into paying their ransom. REvil has, in the past, publicly shamed businesses that failed to pay the ransom for their stolen data.

“The problem is a lot of victim companies just don’t have the money [to pay ransom demands] right now,” said Lawrence Abrams, editor of BleepingComputer. “Others have gotten the message about the need for good backups, and probably don’t need to pay. But maybe if the victim is seeing their data being actively bid on, they may be more inclined to pay the ransom.”

Do You Know How To Keep Your Data Off The Auction Slate?

  • Confirm that anti-malware and antivirus settings are deployed to automate all updates and to continually conduct system and device scans.
  • Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
  • Train your staff to ask themselves these key questions before opening an email:
    • Do I know the sender of this email?
    • Does it make sense that it was sent to me?
    • Can I verify that the attached link or PDF is safe?
    • Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
    • Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
    • Does anything seem “off” about this email, its contents or sender?
  • If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.

That’s why you should make a considerable investment in a comprehensive backup and data recovery solution so that you can restore your data at a moment’s notice when necessary.

Be sure to:

  • Back up data on a regular basis (at least daily).
  • Inspect your backups to verify that they maintain their integrity.
  • Secure your backups and keep them independent from the networks and computers they are backing up.
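One way to carry out the integrity and freshness checks in the list above, as an added example that is not part of the original article: a SHA-256 manifest is built when the backup completes, signed with an HMAC key, and later compared against the backup directory. The function names, the demo key and the sample files are assumptions made for illustration; the manifest and key are assumed to be stored away from the machines being backed up.

```python
import hashlib, hmac, json, tempfile, time
from pathlib import Path

MAX_AGE = 24 * 3600  # "at least daily" from the list above

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def _files(root):
    # Map each file's path relative to the backup root to its full path.
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def _mac(body, key):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def build_manifest(backup_dir, key):
    """Run right after the backup completes; store the result off the backup host."""
    body = {"created": time.time(),
            "files": {n: sha256_file(p) for n, p in _files(backup_dir).items()}}
    return {"body": body, "hmac": _mac(body, key)}

def verify_backup(backup_dir, manifest, key, now=None):
    """Return a list of problems; an empty list means the backup passed."""
    body = manifest["body"]
    if not hmac.compare_digest(_mac(body, key), manifest["hmac"]):
        return ["manifest altered (HMAC mismatch)"]
    problems = []
    if (time.time() if now is None else now) - body["created"] > MAX_AGE:
        problems.append("stale: backup older than 24 hours")
    on_disk = _files(backup_dir)
    for name, digest in sorted(body["files"].items()):
        if name not in on_disk:
            problems.append(f"missing: {name}")
        elif sha256_file(on_disk[name]) != digest:
            problems.append(f"modified: {name}")
    problems += [f"unexpected: {n}" for n in sorted(set(on_disk) - set(body["files"]))]
    return problems

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: the real key lives off the backup host
    with tempfile.TemporaryDirectory() as d:  # constructed sample backup
        (Path(d) / "db.sql").write_bytes(b"constructed sample dump")
        m = build_manifest(d, key)
        print(verify_backup(d, m, key))  # clean backup
        (Path(d) / "db.sql").write_bytes(b"\x00" * 23)  # contents overwritten in place
        print(verify_backup(d, m, key))
```

A non-empty result from a scheduled run is the signal to stop trusting that backup set and fall back to an earlier, verified one.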

Is Your Business’ Cybersecurity Effectively Managed?

Kraft Technology Group offers comprehensive cybersecurity services to protect businesses like yours against ransomware. If you’re not getting the support you need from your current IT company, then you should consider making a change.
