Tag Archive for: clop

MOVEit Breach Exposes Data To Clop Ransomware Attack


The US government has verified that a number of governmental institutions have been the target of Clop ransomware attacks that took advantage of a popular file transfer tool’s security flaw.

A senior CISA officer informed reporters later on Thursday, citing estimates from private analysts, that “several hundred” businesses and organizations in the US may also be impacted by the hacking campaign in addition to US government entities.

The attacks began on May 27, over the long Memorial Day holiday weekend in the United States. The Clop ransomware group claimed to have stolen data from hundreds of businesses.

This week, Clop started using a data leak website to blackmail businesses by publishing their identities there and threatening to start releasing data if a ransom is not paid.

Clop, the ransomware gang allegedly responsible, is known to demand multimillion-dollar ransoms. However, the senior official told reporters at a background briefing that no ransom demands have been made of federal agencies.


Progress Software, the US company that makes the software exploited by the hackers, said it had found a second vulnerability in the system and was working to fix it when CISA responded.

“Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA). The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach,” a Department of Energy spokesperson told TechCrunch.

According to CISA Director Jen Easterly, who told reporters that the intrusions had not had any “significant impacts” on federal civilian agencies, the hackers have been “largely opportunistic” in exploiting the software flaw to access networks.




The disclosure increases the number of victims of a massive cyber attack that started two weeks ago and has affected state…


Clop MOVEit hacking victims now include Department of Energy facilities


The number of victims of the Clop ransomware gang’s exploitation of a critical vulnerability in Progress Software Corp.’s MOVEit file transfer software continues to grow, with the revelation today that the victims now include several U.S. government agencies.

Although a full list of agencies targeted was not disclosed by the Cybersecurity and Infrastructure Security Agency officials who spoke to various media outlets, later reports suggest that the Department of Energy was one of those targeted.

Federal News Network, citing multiple sources, claims that Oak Ridge Associated Universities and the DOE’s Waste Isolation Pilot Plant near Carlsbad, New Mexico, experienced data breaches involving the MOVEit vulnerability. The DOE confirmed the report, although it noted that it did not affect agency data.

“The U.S. Department of Energy takes cybersecurity and the responsibility to protect its data very seriously,” a DOE spokesperson said. “Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency.”

However, the DOE may be the tip of the iceberg as more and more victims continue to come to light. Since a report last week detailed that victims including the BBC, British Airways Plc and the pharmacy chain Boots UK Ltd. had been targeted through a MOVEit attack on payroll company Zellis UK Ltd., the list of victims has grown.

Bleeping Computer reported that Clop has listed thirteen companies and organizations on its dark web leaks site. Several of those listed have since confirmed that they have been victims: Shell Plc, UnitedHealthcare Student Resources, the University of Georgia, the University System of Georgia, Heidelberger Druckmaschinen AG and Landal Greenparks.

Clop is also reportedly demanding that victims pay a ransom, or they will start publishing stolen data on June 21.

MOVEit is managed file transfer software designed to provide secure and compliant file transfers for sensitive data within and between organizations. The vulnerability, officially…


Nearly 500K Intellihartx patients' data compromised in Clop … – SC Media




Clop Ransomware Gang Asserts It Hacked MOVEit Instances


Fraud Management & Cybercrime, Governance & Risk Management, Patch Management

Russian-Speaking Extortion Operation Says It Will Start Listing Victims on June 14


The Clop ransomware-as-a-service gang said it’s the actor behind a spate of hacks taking advantage of a vulnerability in Progress Software’s MOVEit managed file transfer application.


In a Tuesday posting on its dark web leak site, Clop said, in all caps, that it has used the MOVEit flaw to download information from hundreds of companies. “We download alot [sic] of your data as part of exceptional exploit. We are the only one who perform such attack and relax because your data is safe,” the Russian-speaking criminal gang wrote.

Clop’s assertion is not unexpected; Microsoft this week attributed the attacks to Clop affiliate FIN11, which the computing giant tracks as Lace Tempest (see: Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate).

Gang representatives reportedly took credit for the attacks Monday in communications with Bleeping Computer and a Reuters reporter.

Clop says it will begin posting the names of victims starting on June 14 unless it hears from them first. It also asserted that it erased data obtained from “government, city or police service” sources since “We have no interest to expose such information.”

Information Security Media Group could not independently verify Clop’s claims. The gang earlier this year used a vulnerability in another file transfer application…
