Heritage Auctions, a Dallas-based auction house, was hit by a ransomware attack on Friday that took its website offline through the weekend.
Many auctions were rescheduled and some Friday bids were lost, but customer data was not leaked, according to updates posted on the company’s website.
The website was back up by Tuesday afternoon. It was a substantial disruption for a company that does a majority of its sales online.
The international firm is the third-largest auction house in the world, behind Sotheby’s in New York and Christie’s in London, and had over $825 million in sales in 2018. It runs a popular website with over a million users, where enthusiasts can bid on art and collectibles.
A spokesman for the company told the Observer that it had been the victim of a “vicious” ransomware attack that had targeted its website and that the company had refused to pay the attackers, opting instead to “restore service on our own.”
The company was one of more than 350 victims of this same attack and worked with Microsoft to restore services, he said.
Its phone and email systems remain unaffected and no financial information was exposed, according to a statement posted on the company's website and social media.
Cyberattacks on businesses can take many forms, such as stealing customer data and overloading servers with bogus traffic. In a ransomware attack, attackers disable key infrastructure and demand a ransom to restore it.
Ransomware has become an increasingly common threat for online businesses. Attacks on companies “shot through the roof in the last quarter of 2018,” according to a report from Malwarebytes, a security research firm. They rose nearly 400% from the previous quarter and then continued to rise in 2019. Texas businesses were some of the most frequent targets.
Local governments also have been hit. More than 20 government entities across Texas, most in rural areas, were victims of a coordinated ransomware attack in August. No one paid the ransom, but nearly three weeks later many were still struggling to return to normal operations.
According to ZDNet, “REvil” software was used in that attack. It’s a common type of ransomware typically used by financially motivated hackers to obtain payouts from frustrated victims.
Keene, a city outside Fort Worth with a population of 6,000, was unable to process utility payments in the wake of the attack. Its mayor said that attackers were demanding a $2.5 million ransom to restore services across the state.
Although Texas cities refused to pay, cities in other states have ponied up. In Lake City, Florida, officials paid hackers nearly $500,000 to unlock their systems earlier this year.
Former U.S. counterterrorism coordinator Richard Clarke has long warned that the United States faces a dire threat from cyberterrorism and that coordinated attackers could disable power grids and halt transit. He has said that while large corporations have successfully beefed up their cybersecurity, it’s unreasonable to expect local municipalities and small to midsize companies to defend themselves. In a book published earlier this year, he proposed the creation of a single government office to coordinate a national cybersecurity effort.
Lawmakers are inching closer to making this a reality. In late September, the Senate passed a bill requiring the Department of Homeland Security to staff dedicated cyberattack response teams to provide assistance to federal agencies, local governments and private corporations. A similar bill was passed by the House earlier this year.
In the fallout of the attack, Heritage Auctions asked its customers to verify their Friday bids and extended the closing times for current auctions.
The final day for bidding on one of the company’s highest-profile auctions, the web address Democracy.com, has been pushed back, as has the close for a batch of Civil War memorabilia that includes photos of female soldiers who lied about their genders to risk their lives on the battlefield.
On an online forum run by Collectors Universe, Heritage Auctions’ customers expressed relief that their sensitive information was protected but urged the company to share more details.
A user named alefzero wrote on Monday afternoon, “Their business is based on trust and Heritage really needs to convince the community that they are safe bidding once they resume operations.”