The fact that REvil was the first group to start up an auction site is not surprising given the fact that the group began discussing the auction of data following their breach of the Grubman, Shire, Meiselas, & Sacks law firm. During that time the group claimed to have auctioned off data about President Donald Trump and had discussed using the criminal auction site Joker Buzz to sell victim data in the future. However, no auctions on Joker Buzz were ever seen which lined up with REvil’s victims during that time. With the public auctioning of victim data being a newer move by REvil, it is possible that these first sales will go quickly. The starting prices for the two victims are $100,000 USD and $50,000 USD and are set to increase by bids of $10,000 and $5,000, respectively, with blitz, or buy it now, prices of $200,000 USD and $100,000 USD. If the data does not sell, the group will likely reevaluate their sale prices and may choose to repost the data. The start of data auctions increases the need for organizations to not only ensure they have proper data backups, preferably following the 3-2-1 rule, but also to ensure early detection of intrusions that could lead to ransomware on their networks. Endpoint Detection and Response (EDR) solutions can give victims an early warning which afford victims the ability to quarantine infected devices and minimize the attackers ability to steal data for both ransom and auction.