A hacking group thought to be based in Russia has breached organizations all over the world and has now given its victims a deadline.
The Clop group put up a notice on the dark web telling companies that had their data stolen by the MOVEit hack to send them an email by June 14 or their stolen data would be made public.
Payroll information may have been taken from more than 100,000 people who work at the BBC, British Airways, and Boots.
Employers are being told not to pay a ransom if the hackers demand one.
Cyber-security researchers had previously suggested that Clop might have been behind the hack, which was first reported last week.
The thieves found a way to break into a popular piece of business software called MOVEit, which gave them access to the databases of possibly hundreds of other companies.
Based on how the hack was done, analysts at Microsoft said on Monday that they thought Clop was to blame.
A long blog post written in broken English has now proven it.
The BBC saw a post that said, “This is an announcement to let companies that use Progress MOVEit know that there is a chance that we will download a lot of your data as part of an exceptional exploit.”
The post then tells victim groups to send an email to the gang to start talking about the crew’s darknet site.
Hackers usually send ransom demands to target organizations via email, but in this case, they want the victims to get in touch with them. This could be because Clop can’t handle the size of the hack, which is still being worked on all over the world.
“In my opinion, they have so much information that it’s hard for them to keep track of it all. They’re betting that if you know, you’ll get in touch with them,” says Amir Hadipasi, CEO of SOS Intelligence.
In the US, many businesses use MOVEit from Progress Software to move files safely between company computers. One of its customers was the UK-based payroll services company Zellis.
Zellis has stated that information from eight UK organizations, such as home addresses, National Insurance numbers, and in some cases, bank details, has been stolen because of this. Not all firms had the same information leaked.
Customers of Zellis whose accounts have been broken into are:
- BBC
- British Airways
- Aer Lingus
- Boots
Staff at the University of Rochester and the Nova Scotia Government are also being told that data may have been stolen through the MOVEit flaw.
Experts say that people shouldn’t panic and that businesses should carry out the security checks recommended by bodies like the US Cyber Security and Infrastructure Authority.
On its leak site, Clop says that it has gotten rid of all data from government, city, and police services.
“Don’t worry, we got rid of your information. You don’t need to get in touch with us. We have no reason to share this kind of information,” it says.
Researchers say, though, that you can’t trust the crooks.
“I wouldn’t put too much stock in Clop’s claim that he got rid of information about public sector organizations. They probably didn’t just throw away the information if it was worth money or could be used for phishing,” said Brett Callow, a threat analyst at Emsisoft.
Cybersecurity experts have been keeping track of Clop for a long time. They think it is based in Russia because it mostly attacks Russian-language sites.
Russia has long been called a safe haven for ransomware gangs, a claim it rejects.
Clop, on the other hand, is a “ransomware as a service” group. This means that hackers can rent their tools and use them to launch attacks from anywhere.
In 2021, Ukraine, the US, and South Korea worked together to catch people who were thought to be Clop hackers.
The cyber police have exposed a hacker group for distributing an encryption virus and causing half a billion dollars in damage to foreign companies
Details: https://t.co/mhFBP6oOtR pic.twitter.com/LR41D2uN8Q
— National Police of Ukraine (@NPU_GOV_UA) June 16, 2021
At the time, the officials said they had stopped the group, which they said was responsible for getting $500 million from victims around the world.
But Clop has been a threat for a long time.