Shell Plc, IAG SA’s British Airways, the British Broadcasting Corp., the state of Minnesota’s Department of Education, multiple federal agencies — they’re among the victims of the latest data breach launched by Clop, a Russian-speaking hacking group that’s attacking targets around the world in both the public and private sectors.
The Clop gang, also known as Cl0p, is known for “driving global trends in criminal malware distribution,” according to the US Cybersecurity and Infrastructure Security Agency, or CISA. Clop has pulled off its latest breach by exploiting a weakness in MOVEit, a file-transfer product that companies and organizations use to transmit sensitive data. Once the hackers penetrated MOVEit, they could access data stored on MOVEit servers, a portal that’s enabled them to steal personal information from industry giants with tens of thousands of employees and government agencies that handle data, some of it sensitive, on millions of people.
Clop is the name of a variant of ransomware, a type of malware used to encrypt a victim’s computer files in lieu of a payment. It is also the name of a financially motivated criminal gang that uses a variety of methods to extort its victims: by deploying ransomware and demanding payment; by stealing sensitive documents and threatening to post them online unless a payment is made; or both.