Illinois state agencies are grappling with the repercussions of a widespread ransomware attack that targeted third-party file transfer software MOVEit Transfer in late May. The Cybersecurity and Infrastructure Security Agency (CISA) identified a zero-day vulnerability exploited by the CL0P ransomware group on May 27. The ransomware operators, claiming to have stolen data from numerous organizations, set a deadline of June 14 for victims to contact them, threatening to expose non-cooperative entities later in the month. Progress Software, the company behind MOVEit, acknowledged the vulnerability on May 31, with known victims including the Minnesota Department of Education and the UK’s Ofcom.
In response to the attack, the Illinois Department of Innovation and Technology (DoIT) took swift action, disconnecting all systems utilizing the compromised software and initiating a forensic analysis by its security incident response team. While the full extent of the impact is still under investigation, DoIT is advising affected agencies and plans to issue a public notice once the affected individuals are identified. The department aims to establish a call center to assist those impacted and address their questions. Sanjay Gupta, the state CIO and DoIT acting secretary, emphasized the rapid response in evicting the attacker within three hours and securing the vulnerable system.
The ransomware incident underscores the vulnerabilities in third-party software and the significant challenges faced by state agencies in safeguarding sensitive data. As the investigation progresses, the focus remains on mitigating the impact, identifying affected individuals, and providing support through public notices and assistance centers. The situation highlights the ongoing threat landscape and the importance of robust cybersecurity measures to protect critical infrastructure and sensitive information from evolving cyber threats.