Sterling Auctions Site Up *DO NOT BID at this time*

[Aquarian Sports Cards]

Quote:

Originally Posted by drcy

I think Scott's assessment makes sense. If they were stealing personal financial information, they wouldn't say anything. They would try to be completely covert about that.

Except that most of the time the guys who steal the info aren't stealing it to use it but rather to sell it.

[oldjudge]

What auctions use simple auctions?
“the threat actors do not work on weekends”—really? This is a nine to five job? Better hope that they have not taken off for a Christmas vacation.
Once you pay a ransom to unlock your site what is to prevent these people from not turning it back on and simply asking for more money? What can you do to safeguard your site from ransom ware and why wasn’t it done before?

[Exhibitman]

Quote:

Originally Posted by oldjudge

What auctions use simple auctions?
“the threat actors do not work on weekends”—really? This is a nine to five job? Better hope that they have not taken off for a Christmas vacation.
Once you pay a ransom to unlock your site what is to prevent these people from not turning it back on and simply asking for more money? What can you do to safeguard your site from ransom ware and why wasn’t it done before?

I got hit with a crude version of this stuff several years ago. Nasty bug on a state gov't web site. I elected to wipe my hard drive and start over with a back-up. I lost a bit of data and some time and some IT costs but did not pay the extortion demand.

So what can Simple Auctions do? There should be back-ups kept elsewhere so that when the one is locked the data can be restored with only a small disruption and loss. The back-ups should run frequently, at least daily. Or the data can be stored on a cloud-based app which makes this sort of attack meaningless, more or less. If they had a single server with no back-ups, shame on them.

Also stop downloading porn.

[Fred]

In simple terms, what is the exposure to bidders of auction houses that use the Simple Auction service?

As mentioned before, what auction houses use the Simple Auction platform?

There are several auction services that are probably similar to Simple Auctions, so the assumption here is that any one of them could have had this happen to them.

[Throttlesteer]

True, and the smartest thing to do is bring everything down when you realize one of the sites has been hacked.

[sb1]

Apparently it has impacted email accounts for Simple AH clients as well. I have not been able to send or receive emails at my two brockelmanauctions.com email accounts. Anyone needing to contact me can PM me here, until they are restored.

Scott

[BRoberts]

Quote:

Originally Posted by Fred

There are several auction services that are probably similar to Simple Auctions, so the assumption here is that any one of them could have had this happen to them.

This is a ridiculous assumption. True, any website or platform can be compromised. But to assume that because one auction service is "similar" to Simple Auctions that auction service is just as vulnerable is missing the point. If the people running auction platforms do things like implement proper security, have proper monitoring software and upgrade their software when they see red flags (as Simple Auctions saw throughout 2020) then it's not a case of "this could happen to anyone."

[philo98]

Ive been in contact with a few of the AH's and it seems they will be up and running this afternoon.

[swarmee]

It was mentioned on the other board that it might be illegal currently to pay ransomware extortion. So not sure if this opens up the site to federal issues.

[Mark17]

Quote:

Originally Posted by Aquarian Sports Cards

Except that most of the time the guys who steal the info aren't stealing it to use it but rather to sell it.

Right. These are thieves. They have a primary target and probably a secondary one as well. A car thief might be after the McLaren, but if there's a briefcase with money on the front seat, he'll take that too.

[arcadekrazy]

As someone who has consulted for companies that have been the victims of ransomware, here’s my experience (and these are my experiences only - I have no knowledge of the exact variant of ransomware that hit simple auction):

One customer paid the ransom, and the decryption key was never supplied. The threat actor simply stole the money and then disappeared.

Our other costumers simply restored from backup and ignored the threat actor.

In all cases, a forensic investigation was undertaken to determine both the mechanism of intrusion and the extent of data exfiltration. If data were indeed stolen, notifications were made to those individuals affected. There are laws (GDPR in europe and CCPA in California, to name two) which require the users of the affected platform to be notified if their PII has been stolen.

Also, Some new variants of ransomware do indeed steal data and threaten to release said data if the ransom is not paid.

My heart goes out to Bob at simple auction - this is a shitty situation.