Hackers Behind MOVEit Ransomware Attacks Issue Their Ultimatum

Microsoft analysts believed the Russia-linked ransomware group Clop was behind the attack. Now, Clop has confirmed.

Prolific ransomware gang Clop has claimed credit for the recent wave of MOVEit attacks that have stolen private data from companies around the globe. They have an ultimatum, too: The victims have until June 14th to email Clop, or their data will be exposed online.

The victims include the BBC, British Airways, Nova Scotia’s government, and a host of other businesses.

The MOVEit software — a file-transfer tool used by enterprise companies to share particularly large files — was exploited by the hackers in order to steal the data in the first place. The company behind the software has since released a patch, but the damage is done for the many victims who now have a week to decide if they’ll pay up.

What to Know About the MOVEit Hack

News first broke last week about the MOVEit attacks, and victims have been coming forward in the days since.

The MOVEit software is aimed at transferring large files, and enterprise companies in particular rely on it — two reasons why it’s a particularly attractive target for ransomware hackers. These types of hacking attempts need to hoover up a lot of data, and they need a victim with large enough pockets to make a ransom worthwhile.

This particular vulnerability was also exactly what a hacker would hope for: It allowed bad actors to gain access to any affected server’s database. One of the affected companies, the UK-based Zellis, provides human resources software and payroll to corporate clients. Among those clients are the BBC and British Airways, both of which have now lost their payroll data to the hackers.

Clop’s Ultimatum Isn’t the Norm for Ransomware

On Monday, Microsoft analysts stated that they believed the Russia-linked ransomware group Clop was behind it all, and now Clop has confirmed that this is correct. In a long blog post, the hacker gang demanded that any affected customers get in touch via email in order to negotiate the safekeeping of their data.

That’s not the norm for a ransomware attack: Hackers are usually the ones to send an email, with the specifics of the ransom and how it can be paid already explained. Actually paying up isn’t recommended, even though companies frequently do pay ransoms. Making an ultimatum public like Clop has just done could potentially scare the companies into avoiding paying at all.

Protect Your Data with SurfShark VPN

Connect an unlimited number of devices for just $2.49 per month.

So why do it? Likely because the scale of the attack was so large that Clop can’t devote the resources into tracking down all of their victims.

“My take is that they just have so much data that it is difficult for them to get on top of it all. They’re betting that if you know then you will contact them.” – SOS Intelligence CEO Amir Hadžipasić

How Can You Keep Your Data Safe?

Ransomware attacks have been a booming industry in recent years, with costs hitting a massive $1.2 billion worldwide in 2021, a 188% increase over the year prior. Ransomware attacks are a big chunk of the total cyberattack pie.

Since then, however, ransomware attacks appear to have peaked: Reported ransomware attacks have dropped 40% in 2022, according to one report. Still, ransomware and business email attacks together added up to 70% of all cyberattacks last year, and they’re nothing to sneeze at.

Your business can adapt extra security precautions like employee password managers or VPNs, but ultimately, you’ll need to develop your own plan for how to handle a ransomware attack that targets a third-party software as the MOVEit attacks have done.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals