The names and company profiles of dozens of victims of a global mass hack have been published by a cyber-crime gang holding their stolen data for ransom.
The hacker group, Clop, began posting the names of companies it has breached to its website on the dark web. Twenty-six organizations, including banks and universities, have been added to try to pressure victims into paying the ransom. US federal government bodies have also been targeted.
The US Cybersecurity and Infrastructure Security Agency is providing support to several federal agencies that have experienced intrusions affecting their “MOVEit” applications. It is not known which agencies are affected or what data has been stolen, but cyber authorities are saying they do not expect it to have a significant impact.
The mass hack is likely to have affected hundreds of organizations around the world with around 50 so far confirmed either by the firms themselves or by the hackers. Oil giant Shell was posted and has since confirmed it is a victim.
On the hackers’ dark web ‘leak site’ are companies from the US, Germany, Belgium, Switzerland, and Canada.
Ransomware gangs like Clop use their leak sites to “name and shame” victims into paying by posting company profiles. It’s a well-known and often profitable process and another way for hackers to extract ransom payments.
Once Clop names companies to its data leak site, the group will start its rounds of negotiations with affected organizations, demanding ransom payments to avoid their data being released in the wild, said Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest. Mr. Morgan says the hackers hope that the victims make contact and set a deadline of how long they have before their data is made public.
Clop has been known to demand ransoms of hundreds of thousands, sometimes millions of dollars, but police forces around the world discourage victims from paying as it fuels these criminal gangs.
The MOVEit hack was first disclosed on May 31st when US company Progress Software said hackers had found a way to break into its MOVEit Transfer tool.
MOVEit is software designed to move sensitive files securely and is popular worldwide, with most of its customers in the US.
Progress Software said it alerted its customers as soon as the hack was discovered and quickly released a downloadable security update, but the criminals were already able to use their access to get into the databases of potentially hundreds of other companies.
UK-based payroll services provider Zellis was a MOVEit user that was breached. Zellis has confirmed that eight UK organizations have had data stolen as a result, including home addresses, national insurance numbers and, in some cases, banking details.
Other Zellis customers that have been breached and had personal data exfiltrated include the BBC, British Airways, Aer Lingus and Boots. I’m sure there will be more US-based companies identified in the next few days.