Auction Software Provider Hit with Foreign Ransomware Attack

Several sports memorabilia auction sites have been impacted by a ransomware attack on the software company that hosts them.

Bob Freedman, the owner of SimpleAuctionSite, says a message suddenly appeared on his company’s server around 11:30 PM last Thursday from a group that had somehow infiltrated the platform and was essentially holding him and about 150 of his customers hostage.  The group, believed to be affiliated with organized crime in Russia, had in fact, encrypted his servers and deleted backup systems.

The high tech intrusion was sudden but extremely effective.

Freedman, who provides auction management for numerous companies in the sports collectibles space, had dealt with malware attacks in the recent past, some wreaking havoc on high profile auctions just as they were about to close.  Thursday night’s attack was something more costly.

“Never in my life have I encountered anything like this,” he told Sports Collectors Daily on Monday, as he continued working through a multi-tiered process he hopes will bring the auction company auction platforms back online. “It’s very brazen.”  Part of that process involves a sizeable ransom payment to the hackers, who typically provide specific instructions on how to satisfy their demands before they are willing to turn over the information needed to unlock the servers they take over. 

Freedman hired Spear Tip, a professional services company that specializes in ransomware attacks.  Law enforcement agencies were also notified.  After learning of the attack, Freedman spent a gut-churning 48 hours before Spear Tip was able to begin communicating with the Russian group.

“They don’t work weekends,” he said.

Among the dozens of companies who saw their online auction pages go offline were Goldin Auctions, which has delayed its final auction of 2020 until January 3, VSA Auctions, which had been in the final hours of bidding when the attack occurred, Sterling Sports Auctions, which had been scheduled to open the day after the attack, Classic Auctions, MeiGray Auctions, SCP Auctions, MEARS, Love Of The Game Auctions and BST Auctions.  Freedman’s largest customers are those outside the sports memorabilia realm, however.  Some of them were in the middle of conducting auctions when the shutdown took place.

According to Check Point Software Technologies, ransomware attacks in the United States doubled in the third quarter of 2020, making it the most targeted country in the world.

How the group infiltrated SimpleAuctionSite’s system won’t be known until Freedman and his associates are able to unencrypt the files and examine the breach more thoroughly.

Some hackers will target customer data, which they threaten to sell and expose credit card numbers, other sensitive financial data or records but the majority of ransomware cases do not involve data snatches. The threat actors are simply looking for a quick payday.

Freedman says a full audit will be completed once he is able to resume full control of the servers, something he hopes can happen no later than mid-week, once the hackers relinquish their hold.