The group on July 1 reportedly placed legal documents corresponding to Nicki Minaj, Mariah Carey and LeBron James up for bid, with the starting price set at $600,000 per lot. The next set of auctions is set for July 3 and will include documents pertaining to entertainment and media companies Bad Boy Entertainment Holdings ($750,000), Universal ($1 million) and MTV ($1 million).
Bidders can buy all of the stolen documents from all clients for $42 million, which is the amount the attackers were demanding in ransom from the law firm, which has refused to pay.
Auctioning off stolen data creates another potential avenue for monetization while also ratcheting up pressure on victims to pay or at least negotiate.
"I’m not sure whether REvil actually anticipates being able to monetize this data. Who’d pay so much for legal documents? The celebrities?" said Brett Callow, threat analyst at Emsisoft. "It could be the case that the group is conducting the auction simply to demonstrate to future victims that they can cause problems that extend well beyond the initial ransomware attack and that payment is the least painful option."
It was approximately one month ago that the Sodinokibi group first announced the launch of its own auction website. Reportedly, the group debuted its new service by offering up files stolen from a Canadian agriculture company. Another news report identified a second victim as a food and harvest distributor with more than 10,000 stolen files up for auction. At the time, the group also reportedly floated the idea of selling files on Madonna from Grubman Shire Meiselas & Sacks, but for now it appears that the group instead has opted to focus on other celebrities and media entities.