Potentially hundreds of companies worldwide are facing extortion by the Clop ransomware group, which exploited a vulnerability in the file transfer tool MOVEit to breach computer networks and steal sensitive information.
Clop published an extortion note, warning that businesses needed to contact the gang or risk being named on their extortion site. While the exact number of affected companies remains unknown, security researchers have identified thousands of exposed instances of MOVEit, with several high-profile organizations already compromised.
The ransomware group set an initial deadline of June 12 for the victims to respond, after which they threatened to publicly name them. The date was later extended to June 14, possibly due to the Russian national holiday on June 12.
The extortion note outlined a series of steps, including providing proof of data and negotiating a price for its deletion, with a warning that failure to reach an agreement would result in data publication.
Though the exact scope of the hacking campaign is uncertain, researchers found over 2,000 exposed instances of MOVEit, with a majority located in the United States. The compromise of a single company, Zellis, a payroll services provider, led to the compromise of several other businesses in Britain and Ireland, including the BBC, British Airways, Boots, and Aer Lingus.
The U.S. Cybersecurity and Infrastructure Security Agency issued an advisory highlighting Clop’s history of compromising thousands of organizations globally.
Clop had previously targeted vulnerabilities in Fortra’s GoAnywhere file transfer product, stealing data from over 130 companies, governments, and organizations. Cybersecurity experts cautioned that numerous state and federal agencies in the U.S. were MOVEit users, potentially exposing sensitive documents.
In their recent post, Clop assured government, city, and police services that their data had been erased and they need not contact the group. The case of the Babuk ransomware group, which shut down in 2021 after targeting the District of Columbia’s police department, serves as a reminder of the risks these groups face when drawing excessive law enforcement attention.
