Russian ransomware group Clop has begun naming and shaming victims they compromised by exploiting flaws in MOVEit, a popular file-transfer product, on May 27.
A number of high-profile organizations were posted onto Clop’s victim list, including the US Department of Energy, US-based financial service 1st Source, the University of Georgia, the UK energy giant Shell, as well as other.
No sensitive information has been revealed yet, but Clop claims they will begin leaking data on June 21st if their extortion demands are not met.
Clop Release Names of Victims on Data-Leak Site
As Clop’s criminality reaches new heights, the Russian-speaking ransomware gang has started to publically disclose the names of organizations they targeted during a recent spate of global security attacks.
The extortion gang has been exploiting a zero-day vulnerability flaw in the popular software tool MOVEit Transfer until late May, before stealing sensitive data that was stored on the server.
“CISA is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” – Eric Goldstein, CISA’s executive assistant director for cybersecurity
Clop has taken full responsibility for these attacks and claimed to have breached “hundreds of companies” in total. The hacker gang gave impacted organizations until June 14 to pay up in order to protect their anonymity. Now, if the victims don’t give in to the Clop’s extortion attempts, the gang warns they will start leaking stolen data on June 21.
The US Cybersecurity and Infrastructure Security Agency (CISA) first issued a security advisory about a MOVEit software vulnerability on June 1. Now victims have been made public, Eric Goldstein, CISA’s executive assistant director for cybersecurity claims the agency is “working urgently to understand impacts and ensure timely remediation”.
What Organizations Has Clop Successfully Exploited?
According to Clop’s own data-leak site, here are some organizations that were targeted by the ransomware gangs’ recent attacks:
- The US Department of Energy
- The University of Georgia
- John Hopkins University
- Putnam Investments
- 1st Source Bank
- First National Bankers Bank
- Datasite
- National Student Clearinghouse
- United Healthcare Student Resources
- Leggett & Platt
- Shell Gas
Other MOVEit victims that haven’t yet been listed on Clop’s official list include:
- The British Broadcasting Company (BBC)
- British Airways
- The Government of Nova Scotia
- Ofcom
While Clop’s activities were discovered in late May, researchers believe the cybergang could have been exploiting the MOVEit vulnerability since 2021.
Therefore, due to the scale of these attacks, it’s expected that hundreds more names are expected to come to light in the coming weeks. Organizations from all across the world were targeted, but with most MOVEit servers being located across America, a large number of victims are presumed to be US based.
Read our in-depth guide to ransomware.
How to Evade Ransomware Threats like Clop
If you suspect you may have been targeted by Clop’s recent wave of attacks, CISA urges organizations to review the MOVEit Transfer advisory, before following the mitigation steps listed, and updating the software regularly.
But Clop isn’t working alone. Ransomware attacks have been seeing a resurgence in 2023 with new data from Black Kite revealing that the number of ransomware attacks in March (410) nearly doubled those reported last April (208).
It’s more important than ever that businesses ensure their systems are robust. Read our guide to ensuring company cybersecurity is watertight.
Lastly, in the unfortunate event of an attack, don’t pay the ransom. While the tactics deployed by ransomware groups have been designed to stoke fear, organizations that pay up stand a much greater chance of being targeted again.
By investing these sums back into your company’s cyber defenses — instead of criminal organizations — your business will be better equipped to evade threats going forward.
