After GSMLaw, REvil Targets 2 Food Supply and Tech Firms, Demands Millions as Ransom

Following the US celebrity law firm GSMLaw hack and the not-so-controversial data leak about President Donald Trump, ransomware operator group REevil aka Sodinokibi has lured two US- based large food distributors. Alongside this, REvil has deceived a 3D technology company called Faro Technologies. The two food companies are San Diego, California, Harvest Food Distributor, and Detroit, Michigan, Sherwood Food Distributors. Both the companies supply their food products to mega market chain stores, including Kroger, Albertsons and Sprouts.

The Ransom

Following the attack, the ransomware operator has demanded a ransom of $7.5m from Harvest Food Distributors and Sherwood Food Distributors. The ransom amount from Faro Technologies has not been disclosed yet. Faro Technologies develops and manufactures leading-edge solutions that enable high-precision 3D capture, measurement, and analyses across various industries, including manufacturing, construction, engineering, and public safety. The ransom amount Faro Technologies is expected to be way higher than the sum they have demanded from the food companies considering its volume.

REvil's GSMLaw Hack
The REvil group of hackers had recently hacked the US-based entertainment lawyer Allen J Grubman-owned celebrity law firm Grubman Shire Meiselas & Sacks. Following the hack, REvil had compromised at least 756 GB data containing sensitive documents of international celebrities like Madonna, Lady Gaga, Elton John, Robert De Niro and Christina Aguilera before encrypting the GSMLaw network. The group of attackers later leaked the first dump of data on its dark web-based official blog and asked a ransom of $21m from the victims.

A few days after, REvil doubled the ransom amount by mentioning that the victim had failed to meet the deadline. With a demand of $42m, the ransomware operators also claimed that they would put all the data on auction if the law firm does not meet its demand.

REvil PR release
REvil PR release Screengrab/IBTimes

Trump's 'Dirty Laundry'

They also claimed that they would reveal a controversial email dump of Trump. The hacker group wrote that after the "dirty laundry" gets published, nobody would be interested to see him back as president. However, a spokesperson from Grubman claimed that Trump has never been a client of the law firm.

After a few days, REvil leaked a dump of 169 emails, but there is nothing sensitive in them. However, the ransomware operator later mentioned that they have sold Trump's "Dirty laundry" to an interested party and would auction Madonna's data on May 25. They have also threatened GSMLaw that if they do not pay, their valuable data would go forever.

petya ransomware
Related topics : Ransomware