Christie's Auction House Hit by Ransomware Attack

Incident Date:

May 30, 2024

World map

Overview

Title

Christie's Auction House Hit by Ransomware Attack

Victim

Christies Auction House

Attacker

Ransomhub

Location

London, United Kingdom

, United Kingdom

First Reported

May 30, 2024

Ransomware Attack on Christie's Auction House

Company Profile

Christie's Auction House, founded in 1766 by James Christie, is a British company that has established itself as one of the world's premier art auction houses. Specializing in fine art, jewelry, antiques, and collectibles, Christie's boasts a significant global presence with salerooms in cities such as London, New York, Paris, and Hong Kong. In 2022, the company achieved a record-breaking $8.4 billion in sales of art and luxury goods.

Ransomware Attack Overview

The RansomHub ransomware group targeted Christie's Auction House through their website. The attackers claimed to have leaked personal information of 500,000 clients following a ransomware attack during an $840 million auction event. Christie's confirmed the data breach and subsequently took its website offline to investigate the incident. The company indicated that only a limited amount of personal data was accessed, with no financial records compromised.

Ransomware Group Profile

RansomHub is a new ransomware group known for its distinct approach of making claims and backing them up with data leaks. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub affiliates receive a substantial portion of the ransom money. Their ransomware strains, written in Golang, distinguish them in the ransomware landscape.

Company Vulnerabilities

As a renowned and high-profile entity in the art auction industry, Christie's Auction House is a prime target for threat actors like RansomHub. The company's extensive client base and valuable assets make it an appealing target for ransomware attacks. Moreover, the nature of Christie's operations, which involve high-value transactions and sensitive client information, heightens the risk of cyber threats.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.