Extortion spree feared after breach of file-sharing software


NEW YORK CITY – Cybersecurity experts are bracing for a potential wave of extortion demands after a vulnerability was discovered in encrypted file-sharing software, a flaw that hackers have already used to target a string of high-profile victims, including British Airways and the BBC.

Several companies and a Canadian province said on Monday that they were dealing with breaches related to the secure file transfer product MOVEit from Progress Software Corp, according to statements from several of the affected entities. The vulnerability allowed hackers to steal files that companies had uploaded to MOVEit, according to Progress.

The flaw had prompted security alerts in recent days from the United States Department of Homeland Security, the United Kingdom National Cyber Security Centre, Microsoft Corp and Mandiant, a subsidiary of Alphabet’s Google Cloud. 

Progress released a patch for the software last week.

“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” its spokesman John Eddy said in a statement.

Microsoft said the hackers responsible for the attacks on MOVEit servers also run the Clop extortion website. Clop is the name of a ransomware variant that has been deployed against companies and organisations around the world, and it also sometimes refers to the hacking gang that uses it.

Hackers affiliated with the group also steal data and threaten to publish it on the group's website if a ransom is not paid.

The group has primarily targeted the health care and financial sectors and has existed since February 2019, according to Trend Micro. The same attackers were responsible for previous hacks of two other secure file transfer products developed by Accellion and Fortra, said Mr Allan Liska, senior intelligence analyst at cyber security firm Recorded Future. 

Publicly available data sources show there are thousands of vulnerable MOVEit servers that could have been affected by the software flaw, Mr Liska said. The criminal hackers are expected to begin contacting companies and demanding payment in cryptocurrency in exchange for not uploading the company’s…
