Cyber Defense Advisors

Going going gone! Ransomware attack grabs Christie’s client data for a steal

Graham Cluley

May 29, 2024


The world-renowned auction house Christie’s has confirmed that it has fallen victim to a ransomware attack, seemingly orchestrated by a Russia-linked cybercriminal gang.

Two weeks ago, the CEO of the world’s wealthiest auction house, posting on LinkedIn, blamed a “technology security incident” after the Christie’s website went unexpectedly offline.

Meanwhile, two employees of Christie’s who spoke to The New York Times described a “state of panic” at the auction house, with senior staff not answering workers’ questions about whether confidential data was being held to ransom.

Confirmation now appears to have emerged, with a posting on the dark web site of ransomware gang RansomHub claiming to have stolen personal information related to “at least 500,000” of Christie’s clients around the world, and giving the auction house less than a week to pay up.

According to the gang, it “attempted to come to a reasonable resolution” with Christie’s, but the auction house had stopped negotiating. RansomHub posted an image of what they claimed was some of the stolen data, which appeared to contain data derived from identification documents including people’s names, places and dates of birth, nationality and other passport details.

It is unclear what size of ransom the cybercriminals were hoping to extort from the auction house.

According to the latest statements by Christie’s, the organisation is working with the relevant authorities and regulators, and is informing affected clients of the security breach.  It has been at pains to emphasise that it has seen no evidence

Some auction sales were reportedly initially delayed as a result of the RansomHub cyber attack. Past victims of RansomHub have included Change Healthcare, the city of Neodesha in Kansas, and a county sheriff’s office.

RansomHub has stated that it does not launch attacks against organisations based in Russia, Cuba, North Korea, China, or Romania, lending weight to the theory that the gang’s operators have strong connections to Russia.

Unfortunately this is not the first cybersecurity challenge that Christie’s has faced. Last year, for instance, security researchers uncovered a vulnerability on Christie’s website that could reveal the precise location of precious artworks when prospective sellers uploaded them in readiness for auction.