The Clop ransomware group created the MOVEit exploit, which uses a zero-day vulnerability in the third-party file transfer software MOVEit Transfer, owned by Progress Software. The aim of the attack was data theft, particularly of personally identifiable information (PII) from customer databases.
The vulnerability, now tracked as CVE-2023-34362, is believed to have been exploited since around May 27th and has led to multiple waves of data breaches in the weeks following. Shortly after attacks began, Progress identified the vulnerability and a patch was offered in late May, though not all clients applied it. Since then, advisories on other vulnerabilities have been issued with fixes closely following.
The ransomware group gave impacted companies until June 14th to contact them. On that deadline day, the names of 13 companies were released on the group's leak site. In the days that have followed, numerous other companies have been named. The group has stated that it will start publishing content from those organizations that do not negotiate an extortion payment by June 21st.
Clop has recently released a statement claiming that it has erased all data stolen from government, city, and police services as they have “no interest to expose such information.”
The current victim list is massive and growing, and Clop continues to share new entries every day, which raises the question: how many companies have actually been affected by this attack? Some victims have publicly announced their involvement in the breach; others have simply been named by Clop themselves. We’ll be following this attack closely and updating this blog with new information as the story unfolds.
Let’s take a look at the victims that have been announced to date:
- University of Rochester, based in Rochester, New York
- Austrian Finance Market Authority
- Zellis, UK based software development company
- Government of Nova Scotia
- BORN Ontario, healthcare organization in Canada
- Extreme Networks, US based software development company
- Synlab, French medical diagnostic service provider
- Government of Illinois
- Minnesota Department of Education
- HSE, public health service in Ireland
- Landal Greenparks, European holiday facilities
- Ofcom, UK’s media watchdog
- Ernst & Young (EY), global accountancy firm
- Transport for London (TfL), UK government body
- Prudential Assurance Malaysia Berhad (PAMB), Malaysian insurance company
- Prudential BSN Takaful Berhad (PruBSN), Malaysian takaful company
- State of Missouri
- 1st Source Bank, Michigan based bank
- Datasite LLC, US based SaaS provider
- First National Bankers Bank, US based bank services provider
- GreenShield Canada, a non-profit benefits carrier
- Heidelberger Druckmaschinen, German precision engineering company
- Leggett and Platt, US based manufacturing firm
- National Student Clearinghouse, US based educational not for profit organization
- OKK, insurance company based in Switzerland
- Putnam Investments, US based investment management firm
- United HealthCare Services, US based health insurance firm
- Shell, British multinational gas company
- University of Georgia, based in Athens, Georgia
- Johns Hopkins University and Health System, based in Baltimore, Maryland
- HealthEquity, US based financial technology and business services provider
- CU*Answers, US based software company
- NavAXX S.A., Luxembourg based financial services company
- Delaware Life, US based insurance company
- Fiduciary Outsourcing, US based fiduciary retirement plan administration provider
- Enzo Biochem, US based medical diagnostics firm
- CareServices LLC, US based healthcare services provider
- Genericon Pharma, Pharmaceutical company based in Austria
- Brault, US based technology firm
- A + Federal Credit Union, Texas based Credit Union
- Bar Harbor Bank, US based bank
- Power Financial Credit Union, South Florida based Credit Union
- East West Bank, US based bank
- US Department of Energy’s Waste Isolation Pilot Plant
- Oak Ridge Associated Universities, based in Oak Ridge, Tennessee
- Louisiana’s Office of Motor Vehicles (OMV)
- Oregon Department of Transportation
- Marti Group, Swiss contracting company
- PRA Group, US based debt collection agency
- Umpqua Bank, US based bank
- University of Missouri, based in Columbia, Missouri
- IC System, US based debt collection services
- ARBURG, European plastics manufacturer
- Boston Globe, US daily newspaper
- China CITIC Bank, commercial banking company
- STIWA Group, Austrian manufacturing company
- Cegedim SA, French technology company
- Aon, global insurance company
- Nuance Communications, US based software company
- Pan American Life Insurance Group, US based insurance organization
- Gesa, Washington based Credit Union
- Telos, US based Information Technology company
- Santa Clara University, based in California
- Skillsoft, US based educational technology company
- Cree Lighting, US-based LED lighting manufacturer
- Gen Digital, the parent company of cybersecurity brands Avast, Avira, Norton and LifeLock
- Stockman Bank, Montana based community bank
- Baesman, US based marketing services provider
- EMSS Inc, Hawaii based IT services and IT consulting organization
- CBE, construction company based in Australia
- Zurich Insurance Brazil
- PricewaterhouseCoopers (PWC), global accounting firm
Last update: 22nd June 2023 16:25