The Russian hacker group Clop says it has stolen data from tens of thousands of employees. The group gives victims one week to negotiate a ransom amount and pay. If they do not, the hacker group threatens to publicise the captured data.
This is written by various media, including BBC News .
Vulnerability in MOVEit Transfer causes many victims
This concerns data from airlines British Airways and Aer Lingus, pharmacy chain Boots, the British broadcaster BBC, the government of the Canadian province of Nova Scotia and the University of Rochester. It is unclear exactly what data the hackers have captured, although it is suspected that it concerns name, address details, and salary. More than one hundred thousand employees have been informed of the data theft by their clients.
The Russian hacker group Clop claims to have stolen the data by exploiting a vulnerability in MOVEit Transfer. This is an application that is used by the business community to share files.
Last week, the developer announced that it had found a hitherto unknown zero-day exploit in the software. The company then released a security update. Both the developer and the National Cyber Security Center (NCSC) advised installing it as soon as possible. British payroll company Zellis confirmed via a statement this week that hackers had infiltrated its internal systems via MOVEit Transfer. Hundreds of companies worldwide may be victims of the vulnerability in the application.
Hacker group gives victims an ultimatum
Last Monday, Microsoft reported that the Russian hacker group Clop is responsible for the data theft at the companies. The BBC says members of the group confirm she is behind the attacks. The British broadcaster has read a statement from the group on the dark web. In it they issue an ultimatum to the victims.
The hackers are calling on victims to contact them before Wednesday, June 14 and negotiate a ransom amount. If they fail to do so, the hacker group threatens to make the stolen data public.
Hacker group says it has deleted certain information
Clop claims it has deleted all data from government agencies, city councils and police departments. “We have no interest in making such information public,” the hackers write on the dark web.
However, security experts don’t believe it. “Clop’s claim that they have removed information about public sector organizations should be taken with a grain of salt. If the information has monetary value or can be used for phishing, it’s unlikely they’ll just throw it away,” Emsisoft cybersecurity expert Brett Callow told the BBC.
According to experts, Clop is a hacker group that operates from Russia. The group is responsible for many victims and has reportedly stolen millions of dollars in ransom money. Maastricht University and the University of Antwerp, among others, have been attacked by Clop in the past.