A Warning to Victims: Reach Out Before June 14 or Face Data Publication
A cyber crime gang believed to be operating from Russia has issued an ultimatum to organizations affected by the MOVEit hack, a global cyber attack. The group, known as Clop, posted a notice on the dark web, demanding that victims email them by June 14, or risk having their stolen data published. Notably, over 100,000 employees from major entities like the BBC, British Airways, and Boots have been alerted that their payroll data might have been compromised. Security experts are advising against paying any ransom demanded by the hackers.
Clop Group Linked to the MOVEit Hack
Previously, cyber security researchers suspected the Clop group’s involvement in the MOVEit hack, which was first announced last week. The criminals managed to exploit a vulnerability in the widely-used business software MOVEit, gaining unauthorized access to the databases of numerous companies. Microsoft analysts have confirmed Clop’s responsibility for the attack, based on the techniques employed.
Unusual Tactics and the Darknet Portal
In an unusual move, Clop’s announcement on the dark web instructs affected organizations to initiate negotiations by emailing the gang. This differs from the typical approach where hackers email ransom demands directly. This change in strategy may be due to the overwhelming scale of the ongoing hack, as Clop struggles to manage the influx of compromised data. MOVEit, a file transfer software provided by US company Progress Software, is widely adopted by businesses for secure file transfer. One of its users, UK-based payroll services provider Zellis, has confirmed that eight organizations have suffered data breaches, exposing sensitive information such as home addresses, national insurance numbers, and, in some cases, bank details.
Cautious Response to Clop’s Claims
Clop’s leak site asserts that any data from government, city, or police services has been deleted, reassuring victims that they need not contact the group. However, cyber security researchers urge caution, emphasizing that Clop’s claims should not be trusted. They suspect that the data may hold monetary value or be exploited for phishing attacks, making it unlikely that the group has truly disposed of the information. Clop has a history of persistent threat activities and is primarily active on Russian-speaking forums, leading experts to believe it is based in Russia, although the country denies providing safe haven to ransomware gangs.
Ongoing Battle and Past Arrests
Clop operates as a “ransomware as a service” group, allowing hackers to rent their tools for attacks from any location. In 2021, alleged Clop hackers were arrested in Ukraine following a joint operation involving Ukraine, the United States, and South Korea. Authorities claimed to have dismantled the group responsible for extorting $500 million globally. However, Clop has proven to be a persistent threat, highlighting the ongoing battle against cyber crime.
SOURCE: Ref – By Joe Tidy
Whether writing about complex technical topics or breaking news stories, my writing is always clear, concise, and engaging. My dedication to my craft and passion for storytelling have earned me a reputation as a highly respected article writer.