Russian hacker group possibly linked to Hopkins cyberattack


A Russian hacker group known as the Cl0p ransomware syndicate appears to be responsible for a cyberattack against Johns Hopkins University and Johns Hopkins Health System, the 11 News I-Team has learned.

In an email sent to its community Wednesday, Johns Hopkins explained that the data breach was discovered on May 31, potentially affecting employees, students and patients. The email noted that the hack doesn’t appear to have included electronic health records.

The email also explained that hackers targeted software called MOVEit.

The I-Team found that Cl0p has claimed responsibility for a recent global cyberattack that exploited a vulnerability in the widely used MOVEit software to gain access to a number of companies, including the BBC, British Airways, the Nova Scotia government and dozens of others.

The parent company of MOVEit, Progress Software, alerted customers about the data breach on May 31.

When the I-Team asked the FBI whether Cl0p was responsible for the cyberattack at Johns Hopkins, the FBI stated it had no comment but referred the I-Team to an agency advisory about Cl0p exploiting a MOVEit vulnerability to hack companies around the world.

Johns Hopkins spokeswoman Jill Rosen told the I-Team: “No further information is available beyond what we shared.”

The FBI advisory, co-authored by the Cybersecurity and Infrastructure Security Agency, was published on June 7. It detailed how Cl0p typically gains access through websites, or by sending a large volume of phishing emails.

The advisory also included a sample ransom note that Cl0p sent one company it hacked in January, starting off: “Hello, this is the CL0P hacker group. As you may know, we recently carried out a hack.”

The chilling ransom note continued, stating that Cl0p “wanted to negotiate with you and your leadership first. If you ignore us, we will sell your information on the black market and publish it on our blog.”

Cybersecurity expert Nick Yuran, CEO of Harbor Labs, recently spoke to the I-Team about these types of data breaches.

“Ransomware is a cyberattack where the attacker takes control of the IT assets of the target organization, typically encrypting them or making them unavailable to the users until some form of ransom is paid to release it,” Yuran said.

Cl0p gave impacted companies until Wednesday to begin negotiating a ransom or risk having their data published online on the dark web.

“The FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered,” the advisory states.

Later in the advisory, the FBI provided a clue as to what Cl0p may have asked Johns Hopkins to pay to recover its information, noting that ransom demands can be “millions of dollars for a big company, hospital, or utility.”

The FBI’s Internet Crime Reports show that Maryland residents went from losing the 17th-most money to cybercrime in 2021 to the 13th-most in 2022.

The FBI’s report stated that the amount Maryland residents lost to cybercrime in 2022 comes out to $217,880,447.

Johns Hopkins’ email to its community about the cyberattack stated: “If there is anything else that we can do to assist you, please call the designated call center at 888-703-9247 weekdays between the hours of 9 a.m. and 9 p.m. ET or visit jhu.edu/DataAttack or HopkinsMedicine.org/DataAttack.”
