In a recent cyber attack, the website of the renowned auction house Christie’s fell victim to a hacker group known as RansomHub. Just days before its marquee spring sales were set to begin, Christie’s experienced a “technology security incident.” The outages started around May 9 and persisted into the following week. The ransomware attack forced the company to switch to phone and in-person bidding.
Now, RansomHub has claimed responsibility for the attack in a dark web post, alleging that it stole data from “at least 500,000 of their private clients from all over the world.” They provided a few names and birthdays as proof, but these claims haven’t been independently verified. Cybersecurity experts familiar with RansomHub consider them a credible ransomware group, making the claim believable.
The extent of the data breach remains unclear. RansomHub hasn’t revealed if they accessed more sensitive details like financial records or client addresses. They threatened to release the stolen data by the end of May, according to a posted countdown timer.
Christie’s acknowledged the attack in a statement, confirming unauthorized access to parts of their network by a third party. Spokesperson Edward Lewine stated that the attackers did manage to steal “some limited amount of personal data” but assured the public that “there is no evidence” of compromised financial or transactional records. The statement also mentioned that Christie’s refused to pay a ransom demand made by the hackers.
Who is RansomHub? This relatively new ransomware group is believed to have ties to Russia. Since February 2024, we’ve tracked 71 attacks attributed to RansomHub, with 66 remaining unconfirmed and five confirmed. Notably, RansomHub previously claimed possession of data stolen in the Change Healthcare attack, following Change Healthcare’s payment of a $22 million ransom to ALPHV/BlackCat.
In the case of Christie’s, RansomHub is employing a double-extortion technique. They demand a ransom for a decryption key to unlock the company’s systems and another for deleting all the stolen data. Christie’s, headquartered in London and established in 1766, specializes in art and luxury goods. Over the years, it has hosted record-breaking auctions, including the Paul G. Allen collection, which exceeded $1.5 billion.