Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities
Reading Time: 3 minutesClop, the ransomware gang responsible for exploiting a critical security vulnerability in a popular corporate file transfer tool, has begun listing victims of the mass-hacks, including a number of U.S. banks and universities.
The Russia-linked ransomware gang has been exploiting the security flaw in MOVEit Transfer, a tool used by corporations and enterprises to share large files over the internet, since late May. Progress Software, which develops the MOVEit software, patched the vulnerability — but not before hackers compromised a number of its customers.
While the exact number of victims remains unknown, Clop on Wednesday listed the first batch of organizations it says it hacked by exploiting the MOVEit flaw. The victim list, which was posted to Clop’s dark web leak site, includes U.S.-based financial services organizations 1st Source and First National Bankers Bank; Boston-based investment management firm Putnam Investments; the Netherlands-based Landal Greenparks; and the U.K.-based energy giant Shell.
GreenShield Canada, a non-profit benefits carrier that provides health and dental benefits, was listed on the leak site but has since been removed.
Other victims listed include financial software provider Datasite; educational non-profit National Student Clearinghouse; student health insurance provider United Healthcare Student Resources; American manufacturer Leggett & Platt; Swiss insurance company ÖKK; and the University System of Georgia (USG).
Clop, which like other ransomware gangs typically contacts its victims to demand a ransom payment to decrypt or delete their stolen files, took the unusual step of not contacting the organizations it had hacked. Instead, a blackmail message posted on its dark web leak site told victims to contact the gang prior to its June 14 deadline.
No stolen data has been published at the time of writing, but Clop tells victims that it has downloaded ‘alot [sic] of your data.’
New victims come forward
Multiple organizations have previously disclosed they were compromised as a result of the attacks, including the BBC, Aer Lingus and British Airways. These organizations were all affected because they rely on HR and payroll software supplier Zellis, which confirmed that its MOVEit system was compromised.
The Government of Nova Scotia, which uses MOVEit to share files across departments, also confirmed it was affected, and said in a statement that some citizens’ personal information may have been compromised. However, in a message on its leak site, Clop said, ‘if you are a government, city or police service… we erased all your data.’
While the full extent of the attacks remains unknown, new victims continue to come forward.
Johns Hopkins University this week confirmed a cybersecurity incident believed to be related to the MOVEit mass-hack. In a statement, the university said the data breach ‘may have impacted sensitive personal and financial information,’ including names, contact information, and health billing records.
Ofcom, the U.K.’s communications regulator, also said that some confidential information had been compromised in the MOVEit mass-hack. In a statement, the regulator confirmed that hackers accessed some data about the companies it regulates, along with the personal information of 412 Ofcom employees.
Many more victims are expected to be revealed in the coming days and weeks, with thousands of MOVEit servers — most located in the United States — still discoverable on the internet.
Researchers also report that Clop may have been exploiting the MOVEit vulnerability as far back as 2021. American risk consulting firm Kroll said in a report that while the vulnerability only came to light in late-May, its researchers identified activity indicating that Clop was experimenting with ways to exploit this particular vulnerability for almost two years.
‘This finding illustrates the sophisticated knowledge and planning that go into mass exploitation events such as the MOVEit Transfer cyberattack,’ Kroll researchers said.
Clop was also responsible for previous mass-attacks exploiting flaws in Fortra’s GoAnywhere file transfer tool and Accellion’s file transfer application.
Reference: https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG