The Clop ransomware gang, believed to be operating from Russia, has claimed responsibility for the MOVEit hack, which has affected hundreds of organisations around the world. The cybercrime gang has issued an ultimatum to BBC, British Airways and Boots, among other companies, to email them on or before June 14, presumably for ransom negotiations; otherwise, all the stolen data will be made public.
The attack exploited a zero-day vulnerability in MOVEit, software used by companies to securely transfer files between different parties. Microsoft researchers tracked the vulnerability as CVE-2023-34362 and, on June 5, attributed the attack to Clop, which they track as Lace Tempest. The attribution was based on the fact that the ransomware group had used similar vulnerabilities in the past to steal data. This has since been confirmed by Clop's admission to the hacks and the fact that it has been exploiting this vulnerability since May 27.
Clop admitted to the hacks in a long post on their exploit site, which asks affected organisations to send them an email so that ransom negotiations can begin on the group's dark web site. This isn't usually the case with ransomware attacks, as victims tend to receive individual emails from their attackers.
However, there's a good chance that Clop itself is overwhelmed by the amount of data and the number of companies this attack affected, and is betting on a public announcement instead. The group didn't share the number of victims either, but did mention that if an affected company failed to get in touch with them by July 14, their data would be posted on the group's leak site.
Among the affected companies is UK-based payroll services provider Zelle, which in turn has informed eight more companies that their data, including home addresses, national insurance numbers and, in some cases, bank details, has been stolen in the hack. These companies include BBC, British Airways, Aer Lingus and Boots, among others. The Nova Scotia Government and the University of Rochester were also affected by the attack and are warning staff members that their data may have been exposed.
Clop also claims that any data stolen from government, city or police services has been deleted and that the respective departments don't need to reach out. That said, experts warn against trusting hackers, as such information often has monetary value or can be used for phishing attacks, and it's unlikely that a ransomware group will simply pass on such valuable data.