RansomHub Threatens Christie’s With The Release Of Stolen Data If They Don’t Get Paid

News has emerged that the hacker group known as RansomHub is threatening to release sensitive data belonging to the high-end art auction house Christie’s in New York, including financial data and client addresses, by the end of May if no ransom is paid.

Now, RansomHub has posted a new thread on a dark web site, assuming responsibility for the attack, and claiming it grabbed customer names and birth dates. At this moment it is impossible to verify the authenticity of the claims, but with RansomHub’s history, it’s possible they are telling the truth.

RansomHub was born out of the disappearance of the ransomware-as-a-service known as ALPHV, or BlackCat. 

With a ransomware-as-a-service model, one group builds and maintains the malware while others, called affiliates, do the actual breaching and encrypting. When affiliates successfully extort money from a victim, they keep a share of it, while the rest goes to the developers. When an ALPHV affiliate breached Change Healthcare earlier this year, it allegedly succeeded in extorting $22 million from the healthcare giant. However, when it was time to split the proceeds, the developers took all of it and disappeared, leaving the affiliate with roughly 4TB of stolen sensitive data.

This affiliate was later named RansomHub and it tried, on its own, to extort Change Healthcare again. 

In Christie’s case, the group said it would release the data by the end of May, since it couldn’t come to an agreement with the company.

Darren Williams, CEO and Founder of BlackFog, had this to say:

“The clock is ticking for Christie’s Art House who has a major decision to make now that criminal gang RansomHub has implemented a payment deadline. With the personal and financial data belonging to their high-profile clients at risk, this is indeed quite worrying.

The ‘to pay or not to pay’ dilemma is a serious issue for all types of organisations who are facing a rising wave of ransomware attacks. High profile organisations such as Christie’s, which sells high value items upwards of £600 million, will always be on the radar of cyber attackers looking for a quick win with large financial gain.

Once the data is in the hands of the attackers, the focus must be on handling the incident and repercussions as quickly as possible, leaning on experts to help ease the process when possible.  Once the clean up is done, the focus must shift to preventing these attacks in the future by implementing technology designed to prevent the exfiltration of data, mitigating the risks of future attacks and extortion.”

RansomHub, the attacker group behind this attack, is quite new, first identified by BlackFog in February of this year. The criminal gang has since claimed attacks on multiple organisations – notably UnitedHealth Group, American Clinical Solutions and now Christie’s art auction house in New York.

It will be interesting to see what happens next as we’re only two days from the end of May. I’m pretty sure that this group will release some sort of data in retaliation for not getting paid. But not paying them is the correct course of action as cybercrime groups cannot be allowed to succeed in terms of extorting money from their victims.
