
The names and company profiles of dozens of victims of a global mass hack have been published by the cyber crime gang Clop, which is holding their stolen data to ransom, writes the BBC*.
Twenty-six organisations, including banks and universities, have been added to try to pressure victims into paying. US federal bodies have also been targeted. The US Cybersecurity and Infrastructure Security Agency told CNN it “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications”.
It is not known which agencies are affected or what data was stolen, but cyber authorities say they do not expect it to have a significant impact. Clop has been known to demand ransoms of hundreds of thousands, sometimes millions, of dollars, but police forces around the world discourage victims from paying as it fuels these criminal gangs.
The MOVEit hack was first disclosed on 31 May when US company Progress Software said hackers had found a way to break into its MOVEit Transfer tool. True to their word, the attackers have started to name their victims. With multiple companies targeted all across the globe and millions of lines of personal data potentially being exposed, this cyberattack is beginning to be even bigger than first expected.
Without knowing the true extent of the extorted data, it remains unknown what has been stolen or is at risk. However, this is not a fair game, as cybercriminals do not always play by the rules. The supply chain can be worryingly vulnerable when not updated in a timely fashion, and threat actors can often be extremely quick to take advantage of any exploit they find. It is therefore vital that all organizations that have yet to patch this vulnerability do so immediately, as well as carry out a full vulnerability assessment.
*ESET does not bear any responsibility for the potential inaccuracy of BBC’s information.
