Ransomware Gang Releases List of Companies Hit by MOVEit Data Breaches

Victims include several US banks and universities.

New Password-Stealing Malware Sells on Russian Hacking Forum!
Image by Elchinator from Pixabay

Many financial and educational institutions in the United States have been targeted by Clop, the ransomware group responsible for taking advantage of a serious security flaw in a widely used corporate file transfer tool.

Since late May, a ransomware group with ties to Russia has taken advantage of a vulnerability in MOVEit Transfer, a program businesses use to send huge files over the internet. Progress Software, the maker of the MOVEit software, released a fix for the flaw after hackers had already compromised a number of users.

List of Hacked Victims

According to TechCrunch, Clop revealed on Wednesday, June 14, a list of the first group of enterprises it claims it attacked using the MOVEit flaw, while the actual number of victims is yet unclear.

Companies, including US-based financial firms 1st Source and First National Bankers Bank, Putnam Investments in Boston, Landal Greenparks in the Netherlands, and Shell in the United Kingdom, may be found on the list of victims that were leaked on Clop's dark website.

Health and dental coverage provider GreenShield Canada, a nonprofit organization, was formerly mentioned on the leak site but has now been deleted.

Other affected companies are as follows:

  • Leggett & Platt, an American manufacturer
  • Heidelberg, a German mechanical engineering firm
  • ÖKK, a Swiss insurance company
  • Datasite, a financial software company
  • National Student Clearinghouse, an educational nonprofit
  • United Healthcare Student Resources, a student health insurance provider
  • University System of Georgia (USG)

Clop, unlike other ransomware groups, did not contact the companies it had hacked to seek a ransom payment for destroying the stolen material. Instead, a blackmail letter was put on the group's leak site on the dark web, telling victims to get in touch with the gang by June 14.

Disclosure of New Victims

The BBC, Aer Lingus, and British Airways are just a few of the companies that have already come forward to say they were affected as a consequence of the attacks. Because these companies depend on HR and payroll software provided by Zellis, which has admitted that its MOVEit system was breached, they are all at risk.

The Government of Nova Scotia, which utilizes MOVEit to distribute files between departments, acknowledged it was infected and warned that some individuals' personal information might have been stolen.

Nonetheless, Clop claimed all government, municipal, and police agency data had been deleted in a statement posted on its leak site.

This week, Johns Hopkins University disclosed a cyber intrusion that investigators suspect is linked to the MOVEit data breach. In a statement, the school claimed that the data breach may have impacted certain sensitive personal and financial information, such as names, addresses, and medical billing records.

Ofcom, the communications regulator in the UK, also reported that sensitive data was stolen in the MOVEit mass hack. The regulator revealed that hackers obtained company data and 412 Ofcom workers' personal information.

Tags
Breach, Data Breach, Hack, Cyber Attack, Cyberattack
Real Time Analytics