Sandhills online machine markets shut down by ransomware attack
Industry publishing giant Sandhills Global has suffered a ransomware attack, rendering hosted websites inaccessible and disrupting their business operations.
Sandhills Global is a United States-based trade publication and hosting company catering to the transportation, agriculture, aviation, heavy machinery, and technology industries.
Sandhills publishes a variety of print and hosted trade publications featuring industry news and a marketplace for dealers to sell new and related used machinery.
Sandhills victim of ransomware attack
As of yesterday, the Sandhills Global website and all of their hosted posts went offline and their phones stopped working.
When attempting to access websites hosted on the Sandhills platform, users are greeted with a Cloudflare Origin DNS error page, indicating that Cloudflare is unable to connect to the Sandhills servers.
Cloudflare error 1016 when trying to connect to Sandhills sites
Many sources told BleepingComputer that a Conti ransomware attack was the cause of these outages.
This attack was said to have taken place early Thursday morning, forcing the company to shut down all of its computer systems to prevent the attack from spreading.
Some of the well-known publications operated by Sandhills which are no longer accessible include Truck Paper, TractorHouse, AuctionTime, Machinery Trader, ForestryTrader, HiBid, RentalYard, Motorsports Universe, CraneTrader, MarketBook, RV Universe, Oil Field Trader, Aircraft, LiveStockMarket, Controller and Aircraft.com.
The Conti ransomware gang has been responsible for a wide range of attacks over the years, including high profile attacks on JVCKenwood, the city of Tulsa, the Health Service Executive (HSE) of Ireland and Advantech.
When carrying out attacks, the Conti gang typically steals files before encrypting devices so that it can use them as additional leverage in its extortion attempts. The gang then makes ransom demands in the millions in return for a decryptor and for not disclosing the stolen data.
It’s unclear how much Conti demanded from Sandhills and whether they stole any data during the attack.
BleepingComputer has contacted Sandhills with questions about the attack but has not received a response yet.