TechRadar
Sead Fadilpašić

RansomHub group says it was behind Christie's attack, threatens to release private data of half a million customers

The recent cyberattack at auction house Christie’s, which took the company’s website offline hours before a major event, appears to now be confirmed as a ransomware incident.

A hacking collective calling itself RansomHub has claimed responsibility for the attack, also saying it stole sensitive information about Christie’s customers.

The iconic auction house was forced to set up an entirely new website for live auctions after its main domain was brought down days before it was planning on auctioning roughly $840 million worth of art.

Born out of ALPHV

Now, RansomHub has posted a new thread on a dark web site, claiming responsibility for the attack and saying it grabbed customer names and birth dates. At this moment it is impossible to verify the authenticity of the claims, but given RansomHub’s history, it’s possible they are telling the truth.

RansomHub was born out of the disappearance of the ransomware-as-a-service known as ALPHV, or BlackCat. 

With a ransomware-as-a-service model, one group builds and maintains the malware while others, called affiliates, do the actual breaching and encrypting. When affiliates successfully extort money from a victim, they keep a piece of it, while another piece goes to the developers. When an ALPHV affiliate breached Change Healthcare earlier this year, it allegedly extorted $22 million from the healthcare giant. However, when it was time to split the payment, the developers took all of it and disappeared, leaving the affiliate with roughly 4TB of stolen sensitive data.

This affiliate was later named RansomHub and it tried, on its own, to extort Change Healthcare again. 

In Christie's case, the group said it would release the timer by the end of May, since it couldn’t come to an agreement with the company.

Via The New York Times
