RansomHub group says it was behind Christie’s attack, threatens to release private data of half a million customers

The recent cyberattack targeting auction house Christie’s, which caused the company’s website to go offline just hours before a significant event, has now been confirmed as a ransomware incident. The group behind the attack, identifying itself as RansomHub, has not only claimed responsibility but has also asserted that it accessed sensitive information belonging to Christie’s customers.

This attack left Christie’s with no choice but to establish a new website specifically for live auctions, as their main domain was rendered inaccessible mere days before a planned auction of artwork valued at around $840 million.

RansomHub has recently surfaced on a dark web platform, where it has openly admitted to orchestrating the attack on Christie’s and asserted that it obtained customer names and birth dates. While the authenticity of these claims cannot be independently verified at present, given RansomHub’s track record, there is a possibility of truth in their assertions.

The origins of RansomHub can be traced back to the disappearance of ALPHV, also known as BlackCat, a ransomware-as-a-service platform. In this model, one group develops and maintains the ransomware, while others, referred to as affiliates, carry out the actual hacking and data encryption. When successful, affiliates receive a portion of the ransom, with the remainder going to the developers. However, in the case of ALPHV, the developers absconded after a significant breach involving Change Healthcare, leaving the affiliate with a substantial amount of stolen data but no share of the ransom.

Subsequently, this affiliate evolved into RansomHub and attempted to extort Change Healthcare independently, highlighting the complexities and risks associated with the ransomware ecosystem.