Security sources have told iTWire that the attackers had posted a list of documents stolen from Lion on the dark web and given the company five days from the date of publication, which appears to be Thursday, Australian time.
On Wednesday, iTWire reported that the attackers had given Lion until 19 June to pay up, based on a draft web page that had not been sent live.
The sources said the list of documents included the company's financial information and also personal information of its clients.
REVil, which is also known as Sodinokibi, attacks systems running Microsoft's Windows operating system.
It is one of the growing number of ransomware packages that first exfiltrates files on a victim's system and then encrypts them on-site.
A ransom note is then generated, with instructions provided as to how payment can be made, generally in cryptocurrencies.
If the victim does not pay by the deadline, then files are slowly leaked on the dark web in small amounts as a bargaining tactic.
REvil recently started another way of making money off the data it steals, in the event that the ransom is not paid. It puts up the data for auction.
iTWire contacted the company for comment on Thursday morning.
A spokesperson said in a text message that beyond confirming that it was the victim of a cyber attack, caused by ransomware, Lion was not in a position to provide any further comment.