The notorious ransomware gang, Clop, carried out a mass hack exploiting a security flaw in MOVEit – the popular file transfer tool. It has also released the first list of victims, which includes several global companies.
Clop, with links to Russia, began exploiting the security vulnerability in late May.
The gang has cited several US universities and financial institutions as potential victims of future cyberattacks.
Corporations and businesses generally use MOVEit Transfer, developed by Progress Software, to share large files online. The maker has responded with a patch to address the vulnerability. However, numerous customers have already experienced security breaches.
The List of Victims
Clop published the list of victims on its dark web leak site. They include prominent US financial institutions like 1st Source, First National Bankers Bank, and Boston’s investment management firm Putnam Investments.
Global companies like Netherlands-based Landal Greenparks and UK energy powerhouse Shell also appeared on the list.
Other victims included Datasite, National Student Clearinghouse, Leggett & Platt, United Healthcare Student Resources, etc.
German mechanical engineering company Heidelberg, named as a victim on the list, acknowledged the attack. A spokesperson confirmed that the company was “well aware” of the incident. He stated it was swiftly addressed and didn’t result in a data breach.
Notably, no stolen data has been published to date, though Clop claimed it has procured substantial amounts of victim data.
While Clop didn’t directly contact the hacked organizations, it posted a blackmail message on its leak site. The message invited victims to reach out before a June 14 deadline.
Multiple organizations, such as the BBC, Aer Lingus, British Airways, and the Government of Nova Scotia, had previously reported compromises resulting from these attacks. They were reliant on the compromised MOVEit system supplied by HR and payroll software provider Zellis.
Additionally, Johns Hopkins University confirmed a cybersecurity incident. The attack is reportedly connected to the MOVEit mass hack. The incident has probably impacted sensitive information such as names, contacts, and health billing records.
Transport for London (TfL) and global consultancy firm Ernst and Young have also reportedly experienced breaches. However, according to the BBC, neither organization provided any response to these claims.
The full scale of the attacks is yet to be determined. However, the fallout will probably escalate, as countless MOVEit servers located in the US are still accessible online. That’s why it is imperative to have the best antivirus for servers.
According to a report from American risk consulting firm Kroll, Clop’s exploitation of the MOVEit vulnerability may have begun as early as 2021. That is almost two years prior to the flaw’s discovery.
“Clop’s exploitation of MOVEit Transfer illustrates the sophisticated knowledge and planning that underpins such mass cyberattacks.” – Kroll’s researchers
Industry experts and security professionals have also identified Clop as the culprit in previous mass hacks. They include the exploitation of Fortra’s GoAnywhere file transfer tool and Accellion’s file transfer application. As the cybersecurity landscape continues to evolve, this incident underscores the growing threat of ransomware attacks to organizations worldwide.