Cl0p Ransomware Strikes Deloitte, Company Refutes Breach

/in


IN SUMMARY

  • The Cl0P ransomware gang claims to have breached Deloitte.
  • Deloitte has refuted the claims made by the gang regarding the breach.
  • The Cl0P ransomware gang is actively exploiting the MOVEit vulnerability.
  • Deloitte is among the firms using the vulnerable MOVEit Transfer software.

The infamous Cl0p Ransomware has struck again, this time claiming to have targeted the multinational professional services network Deloitte. The ransomware gang, known for its high-profile attacks, claimed responsibility for breaching Deloitte’s infrastructure in a recent post on its dark web data breach blog. While Deloitte’s response refutes the claims, the incident highlights the ongoing risk posed by the MOVEit vulnerability.

Deloitte’s denial of the breach comes with a strong statement from the company’s Global spokesperson. In an exclusive response to Hackread.com, Deloitte stated that they found no evidence of any breach of client data during their analysis.

Cl0p Ransomware Strikes Deloitte, Company Refutes Breach
According to Cl0P, “The company doesn’t care about its customers, it ignored their security!!!” (Screenshot: Hackread.com)

The company took immediate action upon discovering the zero-day vulnerability, applying security updates and mitigating actions as per the vendor’s guidance. Furthermore, Deloitte claimed that their global network’s use of the vulnerable MOVEit Transfer software is limited, and their analysis revealed no impact on client data.

Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance. Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact on client data.

Deloitte Global Spokesperson

The Cl0p Ransomware group has been on a hacking spree, exploiting the MOVEit vulnerability to target major companies worldwide. Previous victims include renowned names like PWC business consulting firm, TD Ameritrade, Aon, Kirkland, and Ernest & Young, among others. The gang is now also notorious for using clearnet websites to publish stolen…

Source…