A global cybercrime gang, known as Clop, has released the names and company profiles of numerous victims that fell victim to a large-scale hack.
The stolen data is being held for ransom, and to pressure the affected organizations into paying, Clop started posting the names of these firms on their website on the darknet.
The list of victims has expanded to include 26 organizations, including banks, universities, and even some US federal bodies.
The US Cybersecurity and Infrastructure Security Agency is currently providing support to several federal agencies affected by intrusions in their MOVEit applications, although the specific agencies impacted and the extent of the data breach remains unknown. Cyber authorities believe the impact of the stolen data is unlikely to be significant.
The mass hack has likely affected hundreds of organizations worldwide, with approximately 50 confirmed cases reported either by the affected companies themselves or by the hackers.
The leak site hosted by the hackers reveals the names of companies from various countries such as the US, Germany, Belgium, Switzerland, and Canada.
Oil giant Shell has publicly acknowledged being one of the victims, but the BBC has chosen not to disclose the names of the other affected firms.
Ransomware groups like Clop often utilize leak sites to publicly shame victims and coerce them into paying the ransom. This tactic has proven to be lucrative for cybercriminals in the past.
“Once Clop names companies to its data leak site, the group will start its rounds of negotiations with affected organizations, demanding ransom payments in order to avoid their data being breached, said Chris Morgan, Senior Cyber Threat Intelligence Analyst at ReliaQuest.
According to Mr. Morgan, the hackers are counting on the victims to establish contact and have set a deadline before their data is publicly disclosed. Typically, Clop has demanded ransoms ranging from hundreds of thousands to millions of dollars. However, law enforcement agencies worldwide discourage victims from paying, as it only empowers these criminal groups.
The initial disclosure of the MOVEit hack occurred on May 31st, when Progress Software, a US company, reported that hackers had successfully breached its MOVEit Transfer tool. MOVEit is widely used globally for securely transferring sensitive files, with a significant customer base in the United States.
Progress Software promptly notified its customers of the breach and swiftly released a security update for download. Unfortunately, the criminals had already exploited their access to infiltrate the databases of potentially hundreds of other companies.
One of the affected organizations is Zellis, a payroll services provider based in the UK, which had also been using MOVEit. Zellis has confirmed that eight UK organizations had their data stolen as a result of the breach. The stolen information includes home addresses, national insurance numbers, and, in some instances, bank details.
It’s important to note that not all firms had the same data exposed. Among the breached Zellis customers are the BBC, British Airways, Aer Lingus, and Boots.
Read More: Israel Ramps Up Settlement Construction in Occupied West Bank
