Ransomware Gang Haunted US Firms Long Before MOVEit Hack
Shell Plc, IAG SA’s British Airways, the British Broadcasting Corp., the state of Minnesota’s Department of Education, multiple federal agencies — they’re among the victims of the latest data breach launched by Clop, a Russian-speaking hacking group that’s attacking targets around the world in both the public and private sectors.
The Clop gang, also known as Cl0p, is known for “driving global trends in criminal malware distribution,” according to the US Cybersecurity and Infrastructure Security Agency, or CISA. Clop has pulled off its latest breach by exploiting a weakness in MOVEit, a file-transfer product that companies and organizations use to transmit sensitive data. Once the hackers penetrated MOVEit, they could access data stored on MOVEit servers, a portal that’s enabled them to steal personal information from industry giants with tens of thousands of employees and government agencies that handle data, some of it sensitive, on millions of people.
The hacking group claimed it obtained data from hundreds of companies, and while that allegation is difficult to confirm, the list of victims keeps growing. For instance, the US Department of Energy received a ransom request from Clop after two of its entities were affected by the breach. The Oak Ridge Associated Universities, which manages a contract with several of the department’s national laboratories, and the National Nuclear Security Administration, the agency arm that maintains the US nuclear stockpile, received the request but didn’t respond, a spokesperson for Oak Ridge said.
Another ransom request was received by an Energy Department arm affected by the hack, the Waste Isolation Pilot Plant, which stores nuclear waste underground in New Mexico, Reuters reported.
Clop is the name of a variant of ransomware, a type of malware used to encrypt a victim’s computer files in lieu of a payment. It is also the name of a financially motivated criminal gang that uses a variety of methods to extort its victims: by deploying ransomware and demanding payment; by stealing sensitive documents and threatening to post them online unless a payment is made; or both.
