
BBC reports* that a prolific cyber crime gang has issued an ultimatum to victims of a hack that has hit organisations around the world. The Clop group posted a notice on the dark web warning those affected by the MOVEit hack to email them before 14 June or stolen data will be published. More than 100,000 staff at the BBC, British Airways and Boots have been told payroll data may have been taken. Employers are being urged not to pay up if the hackers demand a ransom.
The attackers were extremely quick to jump on and misuse the MOVEit vulnerability, only days after it was published. Despite the fact that a patch had been issued, many companies didn’t have enough time to test and implement it, resulting in large numbers of unpatched machines available for an easy exploit. We saw the same pattern with the EternalBlue exploit in 2017, which was used in probably the most referenced global ransomware attacks: NotPetya and WannaCry. The fact that a patch for a vulnerability exists doesn’t automatically mean that companies will adopt it.
After the successful attack, the attackers began negotiating by reaching out to their victims to find the maximum possible ransom rather than using a predetermined amount chosen by the hackers. This decision is likely to stem from the overwhelming magnitude of the ongoing hack, which is still affecting large numbers of systems worldwide and potentially overpowering the capabilities of Clop itself.
Clop, however, claims to have deleted information relating to public sector organisations, but what we have learnt in the past is that we cannot trust the words of cybercriminals. Therefore, anyone who believes their data has been stolen must remain on high alert.
Although it is never advised to pay ransom demands to cybercriminals, there is an inevitable risk that some of the targeted companies will succumb to the pressure. This will only fuel the fire and continue the cycle of this devastating criminal group. It is more important that the affected companies are open and honest with their employees and customers, offering support in how to protect themselves and how to spot follow-up phishing and smishing attacks.
*ESET does not bear any responsibility for the accuracy of this information.
