Info@NationalCyberSecurity

Illinois a victim of CL0P’s MOVEit ransomware attack


The state’s cybersecurity team “(evicted) the attacker within three hours and (verified) that the vulnerability could no longer be exploited in our system,” said Sanjay Gupta, the newly hired chief information officer and head of the Department of Innovation & Technology.

However, it also said the “investigation is ongoing and the full extent of this incident is still being determined, but DoIT believes a large number of individuals could be impacted.”

The attack involves widely used file-transfer software called MOVEit and is believed to be the work of a group known as CL0P, TA505 and other names, which claimed to have breached the systems of hundreds of companies as well as governments. 

Boots said employees’ personal details were affected and staff have been notified, Bloomberg News reported. Other victims of the attack include BBC, British Airways, Aer Lingus, the government of Nova Scotia and the University of Rochester.

The state of Illinois declined to say whether any ransom demands had been made, but CL0P earlier this week hinted that such demands could be coming.

“This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit,” the gang said, according to Bloomberg. “We have information on hundreds of companies so our discussion will work very simple.”

The U.S. government issued a warning Wednesday about the MOVEit attacks.

Some of the victims of the MOVEit attacks, such as British Airways and Nova Scotia, have said that personal identifying information of employees and citizens was compromised.

The state of Illinois hasn’t gone that far. “DoIT’s current efforts are focused on determining an accurate population of impacted individuals for appropriate notifications,” a spokeswoman said.

However, it described how the attack unfolded: “Within minutes of the attack on May 31, DoIT took immediate action, disconnected all associated systems that utilized the third-party software and engaged its security incident response team to conduct a forensic analysis. In the following days, the worldwide cyber community began to identify the attackers’ ‘fingerprints,’ and state security officials were able to begin mapping the extent of the attack on Illinois’ systems.”


