Sterling Auctions Site Up *DO NOT BID at this time*

[Golfguy]

Well if it's ransomware it means someone has control of their servers. That means they have control of ALL info. So if they keep credit card info on file, it's in there. I don't believe they encrypt passwords, so there's that too. If you use the same passwords for important things such as credit cards, banking, etc., you might want to make some changes. I know some are joking on this thread, but this is serious. ALL of SA customers (auction houses) have been compromised.

[Mark17]

Quote:

Originally Posted by Golfguy

Well if it's ransomware it means someone has control of their servers. That means they have control of ALL info. So if they keep credit card info on file, it's in there. I don't believe they encrypt passwords, so there's that too. If you use the same passwords for important things such as credit cards, banking, etc., you might want to make some changes. I know some are joking on this thread, but this is serious. ALL of SA customers (auction houses) have been compromised.

I'm also wondering if info related to sales tax exemption for resellers might be on those servers. Application for tax exemption might include SSN.

[Exhibitman]

[bobfreedman]

Net54 Members, the threat actors have encrypted our servers and the firm we have hired to negotiate with the threat actors have told us that the threat actors usually do not steal the data in these instances but anything is possible, We have Cyber insurance and we have been told that a full forensic analysis will be done once the key to the encryption has been delivered (we have paid the ransom and are awaiting the keys but we have been told that the threat actors usually do not work on the weekends). I wish I had more answers and understandings of why this has happened and when it will end. We will get answers to you as quickly as possible and thank you for your patience and support

[Tao_Moko]

My business site does not provide access to payment info. That is handled through my merchant and even I do not see payment info beyond last four. Though refunds are possible, no money can be withdrawn beyond the initial approved transaction. Name, addresses, email and phone numbers are accessible.

[Shoeless Moe]

...

[toledo_mudhen]

Quote:

Originally Posted by Golfguy

Well if it's ransomware it means someone has control of their servers. That means they have control of ALL info. So if they keep credit card info on file, it's in there. I don't believe they encrypt passwords, so there's that too. If you use the same passwords for important things such as credit cards, banking, etc., you might want to make some changes. I know some are joking on this thread, but this is serious. ALL of SA customers (auction houses) have been compromised.

Up until recently - Ransomware HAS NOT also attempted to steal the data. Best "guesstimates" currently put it at a 1 in 10 chance that the attackers are interested in stealing data.

I m involved with Information Security as a profession and in my experience - the attackers are really only interested in getting paid (usually thru Bitcoin as it is almost impossible to trace). Additionally, In almost ALL cases - once the payment is made the victim WILL receive instructions on how to recover their data.

In my opinion - there are many more $$ and much less chance of getting caught by doing what they do best - extorting cash from their victims.

https://blog.emsisoft.com/en/36569/t...an-one-in-ten/

A well designed security posture can nearly eliminate Ransomware Breach but can get quite expensive and smaller companies struggle with trying to provide adequate security against ALL Internet perils.

[bobbyw8469]

Quote:

Originally Posted by toledo_mudhen

Up until recently - Ransomware HAS NOT also attempted to steal the data. Best "guesstimates" currently put it at a 1 in 10 chance that the attackers are interested in stealing data.

I m involved with Information Security as a profession and in my experience - the attackers are really only interested in getting paid (usually thru Bitcoin as it is almost impossible to trace). Additionally, In almost ALL cases - once the payment is made the victim WILL receive instructions on how to recover their data.

In my opinion - there are many more $$ and much less chance of getting caught by doing what they do best - extorting cash from their victims.

https://blog.emsisoft.com/en/36569/t...an-one-in-ten/

A well designed security posture can nearly eliminate Ransomware Breach but can get quite expensive and smaller companies struggle with trying to provide adequate security against ALL Internet perils.

What is to prevent the Ransom Wear people from extorting money indefinitely??

[toledo_mudhen]

Quote:

Originally Posted by bobbyw8469

What is to prevent the Ransom Wear people from extorting money indefinitely??

Yea - that's the problem. You have to get to a point where you can actually prevent these from getting in. Here again - Lot's of $$.

I believe that in Sterling's case the issue was on the Simple Auction provider (cloud?) side and not on the Sterling Side. So not only do you have to protect yourself - you have to be reasonably sure that the companies you do business with are also protecting themselves.

[Aquarian Sports Cards]

Quote:

Originally Posted by toledo_mudhen

you have to be reasonably sure that the companies you do business with are also protecting themselves.

+1000

[darwinbulldog]

Seems like Simple Auctions just played the role of SolarWinds if you've been following that story.

[toledo_mudhen]

Yep - Entire last week has consisted of me reassuring the State of Texas that we are unaffected by the Solar Winds Breach.

Note that the Solar Winds deal was an actual "Stealth Hack" for the specific purpose of stealing information (and I think we have just discovered the tip of the iceberg on it)

Ransomware - Not stealthy at all - It's in your face - pay me or face the consequences