Well-Known Ransomware Gang Strikes Three Companies in the US and Canada
REvil’s ransomware group begins campaign of leaking sensitive data from three companies.
Ransomware group REvil has launched another series of attacks targeting three companies in the U.S. and Canada. As of press time, they have leaked data from two of the companies, and threatened to disclose sensitive data from the third.
The companies are well-known Canadian accounting firm, Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store.
First target of the week: an accounting company
The gang kicked-off the week by leaking sensitive data from the Canada-based accounting company, Goodman Mintz LLP. The leak included company files, accounting and working documents of clients, databases, data for logging into client banks, and audit results of companies.
Some usernames and passwords belonging to clients are available on REvil’s blog, together with security questions from the leaked login information.
Although there is no official confirmation from the company, it would appear that they have not paid the requested ransom. The group often asks for Monero (XMR) or Bitcoin (BTC) as payment for their ransoms.
Documents belonging to the duty-free store, ZEGG, were also reportedly leaked, according to a message addressed to Oliver Zegg, one of the store’s owners.
U.S.-based real estate broker threatened
REvil threatened to leak data from the third company, Strategic Sites LLC, if they fail to reach an agreement with the gang.
Speaking with Cointelegraph regarding Goodman Mintz LLP’s attack, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, warned that at this point, REvil is attempting to extort money from the firm. He says that the data may be auctioned if the firm does not pay.
Callow added:
“Ransomware incidents have morphed into data breaches that represent a risk not only to the target company, but also to its clients and business partners. The data that is stolen in these attacks may be sold or traded with other criminal enterprises and used for spear phishing, identity theft and various other forms of fraud. In other words, one crime can result in many.”
Recently, Cointelegraph reported about a US-based independent advisory firm specializing in the consumer and retail sectors that was attacked by ransomware gang, Maze.