Hackers Behind MOVEit Ransomware Attacks Issue an Ultimatum

Prolific ransomware gang Clop has claimed credit for the recent wave of MOVEit attacks that have stolen private data from companies around the globe. They have an ultimatum, too: The victims have until June 14th to email Clop, or their data will be exposed online.

The victims include the BBC, British Airways, Nova Scotia’s government, and a host of other businesses.

The MOVEit software — a file-transfer tool used by enterprise companies to share particularly large files — was exploited by the hackers in order to steal the data in the first place. The company behind the software has since released a patch, but the damage is done for the many victims who now have a week to decide if they’ll pay up.

What to Know About the MOVEit Hack

News first broke last week about the MOVEit attacks, and victims have been coming forward in the days since.

The MOVEit software is aimed at transferring large files, and enterprise companies in particular rely on it — two reasons why it’s a particularly attractive target for ransomware hackers. These types of hacking attempts need to hoover up a lot of data, and they need a victim with large enough pockets to make a ransom worthwhile.

This particular vulnerability was also exactly what a hacker would hope for: It allowed bad actors to gain access to any affected server’s database. One of the affected companies, the UK-based Zellis, provides human resources software and payroll to corporate clients. Among those clients are the BBC and British Airways, both of which have now lost their payroll data to the hackers.

Clop’s Ultimatum Isn’t the Norm for Ransomware

On Monday, Microsoft analysts stated that they believed the Russia-linked ransomware group Clop was behind it all, and now Clop has confirmed that this is correct. In a long blog post, the hacker gang demanded that any affected customers get in touch via email in order to negotiate the safekeeping of their data.

That’s not the norm for a ransomware attack: Hackers are usually the ones to send an email, with the specifics of the ransom and how it can be paid already explained. Actually paying up isn’t recommended, even though companies frequently do pay ransoms. Making an ultimatum public like Clop has just done could potentially scare the companies into avoiding paying at all.

So why do it? Likely because the scale of the attack was so large that Clop can’t devote the resources to tracking down all of their victims.

“My take is that they just have so much data that it is difficult for them to get on top of it all. They’re betting that if you know then you will contact them.” – SOS Intelligence CEO Amir Hadžipasić

How Can You Keep Your Data Safe?

Ransomware attacks have been a booming industry in recent years, with costs hitting a massive $1.2 billion worldwide in 2021, a 188% increase over the year prior. Ransomware attacks are a big chunk of the total cyberattack pie.

Since then, however, ransomware attacks appear to have peaked: Reported ransomware attacks dropped 40% in 2022, according to one report. Still, ransomware and business email attacks together added up to 70% of all cyberattacks last year, and they’re nothing to sneeze at.

Your business can adopt extra security precautions like employee password managers or VPNs, but ultimately, you’ll need to develop your own plan for how to handle a ransomware attack that targets third-party software, as the MOVEit attacks have done.



National Cyber Security