Cyber Crime Gang Publishes Stolen Data of Global Hack Victims

In a disturbing development, a cyber crime gang known as Clop has published the names and company profiles of numerous victims of a mass hack that has impacted organizations worldwide. The hacker group began posting the names of affected firms on its website on the darknet, with the intention of pressuring the victims into paying a ransom. So far, twenty-six organizations, including banks, universities, and even US federal bodies, have been targeted by Clop.

The US Cybersecurity and Infrastructure Security Agency confirmed that it is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications. While it is not yet clear which agencies have been affected or what data has been stolen, cyber authorities believe that the impact will be limited.

The extent of the mass hack is expected to encompass hundreds of organizations globally, with approximately 50 confirmed victims. The leak site operated by the hackers features companies from the United States, Germany, Belgium, Switzerland, and Canada. Oil giant Shell was among the organizations targeted and has since confirmed being a victim, but the BBC has chosen not to disclose the names of the other affected firms.

Ransomware groups like Clop utilize leak sites to “name and shame” victims as a means to coerce them into paying a ransom. This tactic has proven to be profitable for these criminal entities. The hackers typically initiate negotiations with the affected organizations and demand ransom payments to prevent the release of their data. The criminals hope that the victims will respond and usually set a deadline before making the data public.

Clop has a history of demanding substantial ransoms, often ranging in the hundreds of thousands or even millions of dollars. However, law enforcement agencies worldwide discourage victims from paying, as it only emboldens and sustains these criminal gangs.

The MOVEit hack was initially disclosed on May 31 when US company Progress Software reported that hackers had compromised its MOVEit Transfer tool. MOVEit is a widely used software designed for secure file transfers, with a significant customer base in the United States. Progress Software promptly alerted its customers about the hack and released a security update to address the issue. Unfortunately, by that time, the criminals had already gained access to the databases of potentially hundreds of other companies.

One of the affected organizations is Zellis, a payroll services provider based in the UK and a user of MOVEit. Zellis confirmed that eight UK organizations, including the BBC, British Airways, Aer Lingus, and Boots, had their data stolen as a result of the breach. The stolen information includes home addresses, national insurance numbers, and, in some cases, bank details. It is important to note that not all affected firms had the same data exposed.

As authorities investigate the extent of the breach and work to mitigate the damage, the prevailing advice remains not to engage with the hackers or pay the ransom. Taking a firm stance against these criminal activities is crucial to deter future attacks and protect the security and privacy of organizations and individuals alike.