Imperial Market Advertise Here Hidden Links

Debit Card Data Auctioned on Dark Web After Ransom Goes Unpaid

REvil ransomware gang immediately auctioned sensitive data after a card services provider failed to cover their ransom. The REvil ransomware gang is auctioning off sensitive information, stolen from debit card services provider, Interacard.

According to REvil’s website, the information is available in an auction listing published by the group. All prospective bidders are required to pay using Monero (XMR). REvil has previously only auctioned data in cases where their name-and-shame tactics fail to extract payment from a targeted company. That does not appear to be the case this time, however.

Hypothesis behind going directly to the auction stage

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft provided some possible reasons behind REvil’s tactics: “In this case, REvil appears to have bypassed their usual name-and-shame strategy and gone directly to the auction stage. The group may have done this in the belief that the data is worth more than the company would be willing to pay, or the data could have been obtained in an attack that occurred prior them launching their leak site in February of this year. If the group is now auctioning data from older incidents, that would obviously be bad news for any companies which were attacked by REvil prior to February. Their data could soon be put up for auction.”

If it’s true that the ransomware gang is merely auctioning data from old attacks, Callow believes that companies attacked between April 2019 (when the ransomware was first identified) and February 2020 (when the group launched their website) are now at risk of having their data publicly leaked.

Details of the sensitive information leaked

The auction lists databases, documents from HR and accounting, technical documentation, customer information, and Point of Sale, or POS, firmware sources and builds. According to the listing, the auction starts at $100,000, and has less than four days remaining as of press time. It is not clear whether REvil will leak once the countdown finishes.

REvil recently launched another series of attacks against three companies in the U.S. and Canada. The companies are well-known Canadian accounting firm, Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store.

Share this article

  • The Deep Web
  • Cryptocurrencies
  • Darknet Markets
  • Cybersecurity & ...
  • Editor's Picks
While the dark web offers a haven for criminals
We’ve seen an ugly trend recently of tech news
Data breaches are almost always a catastrophic
"The City of Knoxville is aware that the threat
The threat actor behind the Sodinokibi (REvil)
A database of 384,319 BMW car owners in the U.K.
Attackers who used the Nefilim ransomware, that
A Winnipeg woman has been sentenced to six years
SQL databases allegedly stolen from 945 websites
  • 1
  • 2
  • 3
Submarine   Hidden Links   Onion Scanner


Visit Our Friends

Subscribe to Our Newsletter

Enter your email to receive our monthly newsletter!
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…