RansomHub group says it was behind Christie's attack, threatens to release private data of half a million customers
Hacked Christie's data will be released by the end of the month
The recent cyberattack at auction house Christie’s, which took the company’s website offline hours before a major event, appears to now be confirmed as a ransomware incident.
A hacking collective calling itself RansomHub has claimed responsibility for the attack, also saying it stole sensitive information about Christie’s customers.
The iconic auction house was forced to set up an entirely new website for live auctions after its main domain was brought down days before it was planning on auctioning roughly $840 million worth of art.
Born out of ALPHV
Now, RansomHub has posted a new thread on a dark web site, claiming responsibility for the attack and saying it grabbed customer names and birth dates. At this moment it is impossible to verify the authenticity of the claims, but given RansomHub’s history, it’s possible they are telling the truth.
RansomHub was born out of the disappearance of the ransomware-as-a-service known as ALPHV, or BlackCat.
With a ransomware-as-a-service model, one group builds and maintains the malware while others, called affiliates, do the actual breaching and encrypting. When affiliates successfully extort money from a victim, they keep a share of it, while the rest goes to the developers. When an ALPHV affiliate breached Change Healthcare earlier this year, it allegedly extorted $22 million from the healthcare giant. However, when it was time to split the payment, the developers took all of it and disappeared, leaving the affiliate with roughly 4TB of stolen sensitive data.
This affiliate was later named RansomHub and it tried, on its own, to extort Change Healthcare again.
In Christie's case, the group said it would release the data by the end of May, since it couldn’t come to an agreement with the company.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.