RansomHub, a notorious hacker group, has taken responsibility for a cyberattack on Christie’s website, just days before the auction house’s prominent spring sales began. The attack forced Christie’s to find alternatives to online bidding, disrupting its operations at a critical time.
In a post on the dark web, RansomHub claimed to have accessed sensitive information about some of the world’s wealthiest art collectors. The group posted a few examples of names and birthdays, though the full extent of the breach remained unverified. Cybersecurity experts, however, confirmed that RansomHub is a known ransomware operation, making the claims plausible. It remains unclear if financial data or client addresses were also compromised. The hackers warned they would release the data by the end of May, posting a countdown timer on their site.
The hackers claimed Christie’s refused to pay the ransom they demanded, stating in their dark web post, “We attempted to come to a reasonable resolution with them but they ceased communication midway through. It mandates that companies disclose cyberattacks compromising sensitive client data, with noncompliance fines potentially exceeding $20 million.
RansomHub has recently emerged as a powerful ransomware group, with possible links to ALPHV, a network of Russian-speaking extortionists. ALPHV was blamed for a cyberattack on Change Healthcare earlier this year, allegedly receiving a $22 million payment from UnitedHealth Group, though the company never confirmed the payment. In April, RansomHub listed Change Healthcare as one of its victims, claiming to hold four terabytes of stolen data.
Ahead of its major spring sales, Christie’s had largely downplayed the cyberattack’s impact, which had crippled its website earlier in the month. Many clients learned about the hack only through a New York Times reporter, as the company preferred to describe the breach as a “technology security incident.” Despite the incident, the auction results showed little indication that buyers and sellers were deterred, though the results were tepid.
Inside Christie’s, the atmosphere was reportedly one of panic, with little information shared with rank-and-file staff. Following the conclusion of the spring sales season, which garnered $528 million, the company managed to regain control of its website.
Lewine stated that Christie’s is currently notifying privacy regulators and government agencies and will be “communicating shortly with affected clients.” The company’s response aims to comply with GDPR regulations and mitigate any potential fallout from the breach.
The attack on Christie’s underscores the growing threat of ransomware attacks on high-profile targets. With RansomHub’s claim of accessing sensitive data from Christie’s clients, the potential repercussions could be severe. The auction house’s efforts to downplay the attack and reassure clients will be critical in maintaining trust and minimizing damage to its reputation.
As the countdown timer set by RansomHub nears its end, Christie’s faces mounting pressure to address the breach comprehensively and transparently. The incident serves as a stark reminder of the vulnerabilities even the most prestigious institutions face in the digital age and the importance of robust cybersecurity measures.