Sandhills online machinery markets shut down by ransomware attack
Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations.
Sandhills Global is a US-based trade publication and hosting company catering to the transportation, agriculture, aircraft, heavy machinery, and technology industries.
Sandhills publishes various printed and hosted trade publications containing industry news and a marketplace for dealers to sell related new and used machinery.
Sandhills hit with a ransomware attack
Starting yesterday, the website for Sandhills Global and all of their hosted publications went offline, and their phones stopped working.
When attempting to access websites hosted on Sandhills’ platform, users are greeted with a Cloudflare Origin DNS error page, indicating that Cloudflare is unable to connect to Sandhills’ servers.
Numerous sources have told BleepingComputer that a Conti ransomware attack is behind these outages.
This attack reportedly took place in the early morning hours of Thursday, causing the company to shut down all of its IT systems to prevent the attack’s spread.
Some of the well-known publications operated by Sandhills that are no longer accessible include Truck Paper, TractorHouse, AuctionTime, Machinery Trader, ForestryTrader, HiBid, RentalYard, Motorsports Universe, CraneTrader, MarketBook, RV Universe, Oil Field Trader, Aircraft, LiveStockMarket, Controller, and Aircraft.com.
The Conti ransomware gang has been responsible for a wide range of attacks over the years, including high-profile attacks against JVCKenwood, the City of Tulsa, Ireland’s Health Service Executive (HSE), and Advantech.
When conducting attacks, the Conti gang usually steals files before encrypting devices, using the stolen data as extra leverage during its extortion attempts. The gang then makes multi-million ransom demands in exchange for a decryptor and for not leaking the stolen data.
It is unknown how much Conti is demanding from Sandhills and whether they stole data during the attack.
BleepingComputer has contacted Sandhills with questions about the attack but has not received a response at this time.