
Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations.

Sandhills Global is a US-based trade publication and hosting company catering to the transportation, agriculture, aircraft, heavy machinery, and technology industries.

Sandhills publishes various printed and hosted trade publications containing industry news and a marketplace for dealers to sell related new and used machinery.

Sandhills hit with a ransomware attack

Starting yesterday, the website for Sandhills Global and all of their hosted publications went offline, and their phones stopped working.

When attempting to access websites hosted on Sandhills' platform, users are greeted with a Cloudflare Origin DNS error page, indicating that Cloudflare is unable to connect to Sandhills' servers.

Cloudflare error 1016 when attempting to connect to Sandhills' sites

Numerous sources have told BleepingComputer that a Conti ransomware attack is behind these outages.

This attack reportedly took place in the early morning hours of Thursday, causing the company to shut down all of its IT systems to prevent the attack's spread.

Some of the well-known publications operated by Sandhills that are no longer accessible include Truck Paper, TractorHouse, AuctionTime, Machinery Trader, ForestryTrader, HiBid, RentalYard, Motorsports Universe, CraneTrader, MarketBook, RV Universe, Oil Field Trader, Aircraft, LiveStockMarket, Controller, and Aircraft.com.

The Conti ransomware gang has been responsible for a wide range of attacks over the years, including high-profile attacks against JVCKenwood, the City of Tulsa, Ireland's Health Service Executive (HSE), and Advantech.

When conducting attacks, the Conti gang usually steals files before encrypting devices so that the stolen data can serve as extra leverage during extortion attempts. They then issue multi-million ransom demands in exchange for a decryptor and for not leaking the stolen data.

It is unknown how much Conti is demanding from Sandhills and whether they stole data during the attack.

BleepingComputer has contacted Sandhills with questions about the attack but has not received a response at this time.

While Sandhills Global has not responded to our emails, an email sent to customers and shared with BleepingComputer confirms the ransomware attack.

Sandhills Global is currently responding to a ransomware attack that impacted our operations.  Systems and operations have been temporarily shut down to protect data and information, and we have retained cybersecurity experts to assist us with the investigation, which is ongoing.  We are working actively and diligently with the assistance of our retained experts to fully restore operations.  

At this time, we are continuing to investigate whether any of our client's information has been accessed or impacted by this incident.  At this time, we have not discovered evidence that confirms that customer information has been compromised.  Please know that our clients are our number one priority and we are working diligently to restore operations and remediate the attack.  At this time, our ability to respond to your messages may be delayed. We appreciate your patience and deeply regret any inconvenience this may cause.

We will provide updates regarding this matter and the status of our services as soon as possible.  

Update 10/3/21: Added statement sent to Sandhills customers
