According to their website, the Agromart Group in Canada provides crop nutrients, seed, crop protection products, custom application and associated services to agricultural producers across Eastern Canada. Last month, they experienced a ransomware attack by the Sodinokibi/REvil threat actors. That in and of itself would be newsworthy, but then the threat actors decided to try to auction off the data they stole from the group.

While other threat actors have put stolen data up for sale when their victims did not meet their demands, creating an auction site and system appears to be the next step in the evolution of ransomware attacks in 2020.

The idea for an auction had been raised previously in the context of auctioning off Madonna’s files held by the Grubman Shire Meiselas & Sacks law firm. At the time, REvil suggested that Madonna’s files would be put up for auction with a starting bid of $1 million. That hasn’t happened (although the threat actors say they will get back to that one). In the interim, though, it seems that REvil has opened its own auction platform, with the Agromart data being the first on the auction block:

“Agromart group is a group of companies engaged in crop production and farming in Canada. Contains accounting documents, and accounts, plus a lot of important information that may be of value to competitors or interested parties. All files of actual information for the last 3 months. Also in the archive you will find several databases that are no less interesting. Archive in zip format
1. Files pdf,docx,xlsx – 22328
2. Database – 3
When the auction is over, you will be provided with a download link from the cloud with the following deletion.”

Bidders need to register on their auction site, deposit $5,000.00, and then make an opening bid of at least $50,000.00. The “blitz” price is $100,000.00.

As they have done in other incidents, the threat actors have also posted a number of unredacted files they exfiltrated from their victim’s server(s). In this case, some of the correspondence they have posted seems intended to embarrass Agromart. Other correspondence concerns Agromart’s response to the ransomware attack itself, including transcribed notes from a conference call about the attack, emails about the firm’s steps and concerns as they respond to the attack, etc. Did no one tell the company not to use corporate email or phones to communicate about the attack or their plans?

None of the correspondence this site has seen so far indicates the amount of ransom REvil is demanding.

The auction is slated to end in less than 7 days. Whether they will get any purchasers remains a matter of speculation. The same threat actors claimed that they sold their files on Trump, but of course, who knows if there’s any truth to that or, if there were files, whether they contained anything that wasn’t already in public files. With Agromart, however, and apart from the corporate and intellectual property, there may also be personnel information that could lead to identity theft and other problems.