RansomHub Claims Cyberattack On Christie’s Auction House


The notorious ransomware gang RansomHub has claimed responsibility for a recent cyberattack on Christie’s auction house, disrupting its website just days before its marquee spring sales and leaking data to back up its claims.

The group posted a message on its dark web leak site claiming to have gained access to compromised information about the world’s wealthiest art collectors. Christie’s officials downplayed the seriousness of the breach, however, and said that no financial or transactional data was compromised in the attack.

RansomHub Claims Cyberattack on Christie’s Auction House

The attack, which occurred two weeks ago, brought down Christie’s official website, forcing the auction firm to switch to methods such as an alternative domain to reach potential buyers and sellers ahead of its highly anticipated spring sales. The company had announced it would proceed with the sales despite the setbacks.

The sales were scheduled to take place at multiple locations, such as New York and Geneva, and were estimated to fetch 850 million dollars from buyers.

The RansomHub ransomware gang has now claimed responsibility for the attack on its leak site, stating that it had compromised about 2GB of data from the auction giant during the initial network compromise.

The details were said to include BirthPlace, MRZFull, DocumentNumber, BirthDate, ExpiryDate, FirstName, LastName, IssueDate, IssuingAuthority, DocumentCategory, DocumentType and NationalityName.

[Image: Christie's RansomHub Auction House. Source: X.com (@AlvieriD)]

The threat actor group said they had attempted to come to a “reasonable solution,” but that Christie’s had ceased communications midway and failed to pay the demanded ransom. The threat group shared an alleged sample of the stolen data.

[Image: RansomHub Christie's Auction House Ransomware. Source: X.com (@AlvieriD)]

The hackers warned that Christie’s would face heavy fines under the EU’s General Data Protection Regulation (GDPR) and suffer reputational damage among its clients. The GDPR mandates that EU companies disclose security incidents that compromise client data, with non-compliance potentially leading to fines up to $22 million.

Cybersecurity experts describe RansomHub as a powerful ransomware group with possible ties to ALPHV, a network of Russian-speaking extortionists.

Christie’s Auction House Downplays Data Leak

Christie’s acknowledged the cyberattack and the unauthorized access, with spokesman Edward Lewine stating that the auction house is investigating the incident. The preliminary findings indicate that the hackers obtained a limited amount of personal client data but stopped short of compromising financial or transactional records.

Christie’s CEO Guillaume Cerutti also stated in a recent interview with CNBC that there was no evidence that any transaction or financial data had been impacted or leaked in the incident.

The company appeared to downplay the impact of the incident earlier, describing it as a “technology security incident.” However, employees privately reported a sense of panic, with limited information shared about the breach by top leaders.

Several prominent buyers and sellers also indicated to the New York Times that they were in the dark about the impact, and were not alerted to the hack until a reporter had reached out to them.

Lewine stated that the auction house was now in the process of notifying privacy regulators and government agencies, and would also be notifying affected clients shortly. Despite the attack, the spring sales concluded with $528 million in revenue, suggesting the incident did not significantly deter bidding activities. Following the sales, Christie’s regained control of its website.
