New victims come forward after mass-ransomware attack
Reading Time: 3 minutesHitachi Energy also confirmed this week that some of its employee data had been stolen in a similar incident involving its GoAnywhere system, but saying the incident happened at Fortra.
Over the past few days, the Russia-linked Clop gang has added several other organizations to its dark web leak site, which it uses to extort companies further by threatening to publish the stolen files unless a financial ransom demand is paid.
However, while the number of victims of the mass-hack is widening, the known impact is murky at best.
‘130 organizations’
Since the attack in late January or early February — the exact date is not known — Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization’s network that allows companies to securely transfer huge sets of data and other large files.
It isn’t clear if Fortra, which has not publicly commented on the incident, knows yet which customers are affected. When reached by email prior to publication, Fortra spokespeople Mike Devine and Rachel Woodford would not comment or provide answers to any of our questions, including whether Fortra’s in-house GoAnywhere systems hosting customers’ data were also hit by the mass-hack.
Details only came to light on February 2 after independent security reporter Brian Krebs first reported details of the bug, which Fortra had hidden behind a login screen on its website. Fortra released security fixes for GoAnywhere five days later on February 7.
By then, the hackers had already stolen reams of data from numerous victims.
Healthcare giant Community Health Systems, one of the largest healthcare providers in the United States, was first to confirm that it was one of the 130 alleged companies fallen victim to the hack, saying at least 1 million patients had their health information stolen from its affected GoAnywhere system. Digital finance giant Hatch Bank was next to confirm a breach linked to the GoAnywhere bug, then cybersecurity giant Rubrik. The list continues to grow.
Listed companies deny data thefts
‘Our forensics further prove our conclusion on this matter,’ said AvidXchange spokesperson Olivia Sorrells. ‘Fortra notified AvidXchange of the vulnerability, remediation, and the results of their investigation regarding AvidXchange’s GoAnywhere account the week that the [vulnerability] was announced,’ the spokesperson said. ‘GoAnywhere took AvidXchange’s instance offline once GoAnywhere became aware of the incident to further prevent unauthorized access to the platform.’
Clop’s leak site says that data from AvidXchange is ‘coming soon.’
A number of other organizations recently added to Clop’s site declined to comment when asked if their GoAnywhere systems — most believed to be hosted by Fortra — were affected.
That includes Swiss pharmaceutical giant Galderma, whose spokesperson Christian Marcoux declined to answer our questions; healthcare call center provider ITx Companies, whose CEO Philip Gower declined to comment; child mental health startup Brightline, whose CEO Naomi Allen deferred to spokesperson John O’Connor, who declined to comment; events planner Emerald Expositions, whose spokesperson Beth Cowperthwaite declined to comment; and MedMinder, whose spokesperson Stacy Clougherty said MedMinder is ‘aware of the allegations’ but declined to comment further while the company investigates.
None of the companies disputed that they are GoAnywhere customers.
Other identified GoAnywhere users did not respond to multiple requests for comment, including Canadian rehab and mental health provider Homewood Health, England-based affordable housing provider Guinness Partnership, retail banking company Avidia Bank, Medex Healthcare, Cornerstone Home Lending and Colombian energy giant Grupo Vanti.
Lorenzo Franceschi-Bicchierai contributed.
Reference: https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG