The REvil attackers had sought a ransom payment of US$7.5 million but Coveware sought to bring this down to US$3.25 million. After back and forth talks, the REvil gang reportdely was told that company was refusing to pay anything.
The group then appears to have concluded that Coveware was not negotiating in good faith and said it would increase the ransom, but no figure has yet been named.
The group also released more material from the food distribution firm. It had released some documents before the negotiations began but when the company asked for some to be taken down to facilitate negotiations, the ransomware operators obliged.
The REvil attackers have also reportedly raised the ransom demand for entertainment and media lawyers Grubman Shire Meiselas & Sacks, from whom it had initially demanded US$21 million.
In this case, the ransomware gang appears to have taken offence after it was told that 10 days of collecting money to pay this amount had yielded US$365,000.
The ransom demanded has now been upped to US$42 million.
REvil is also known as Sodinokibi and those who use the malware to stage attacks follow what is now becoming a common practice of first exfiltrating data, and then encrypting it on-site.
Publication of the exfiltrated data, in stages, is then used to put pressure on the victim to pay up.