Sensitive card data was stolen from debit card provider, Interacard, by the REvil ransomware gang and the data immediately went to be auctioned off on the dark web after Interacard refused to pay a ransom according to a CoinTelegraph report.

REvil's website provided the auction listing and requires all bidders to pay using Monero cryptocurrency. The information stolen included all databases, customer information, all department documents including human resources and accounting, technical documents, POS firmware and builds, and all company network information.The auction bidding started at $100,000 and bidders have less than four days to act.

In the past, when REvil's ransomware gang stole data, it used a "name and shame" tactic to force a company to pay ransom or sensitive data would be leaked to shame individuals within the company or the company itself, according to the report. With Interacard, the ransomware gang instead went straight to auction with the information, leaving malware strategists to consider if the gang bypassed their regular strategy because they thought the materials stolen were worth more to the company or that the data stolen was from an older attack.

Another theory as to why the group would go directly to auction is the coronavirus pandemic. Companies impacted by the virus may not have the funds to pay the ransom once the lockdown is completely over, explained the report.

Cryptocurrency research firm Chainalysis, published a report in mid-April indicating that ransomware payouts have decreased significantly since the pandemic began.