Clop gang ultimatum to MOVEit hack victims: email before 14 June or data leaked

Photo of Jamie Cartwright Jamie CartwrightPublished: 08:08, 07 June 2023| Updated: 13:21, 26 December 2023
670 2 minutes read

A cybercrime gang believed to be operating from Russia has issued a deadline to victims of a global hacking attack, warning that stolen data will be published if they fail to contact the group by June 14. The Clop group posted the notice on the dark web, targeting organisations affected by the MOVEit hack. Over 100,000 employees at the BBC, British Airways, and Boots have been informed that their payroll data might have been compromised. Companies are being advised not to pay any ransom if demanded by the hackers.

Clop was initially suspected to be behind the hack, which was announced last week. The criminals managed to infiltrate the popular business software MOVEit and subsequently gained access to databases of potentially hundreds of other firms. Microsoft analysts confirmed on Monday that Clop was responsible, based on the techniques used in the attack. The group has now claimed responsibility in a blog post written in broken English.

The post, viewed by the BBC, reads: “This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit.” The message instructs victim organisations to email the gang for negotiations on their darknet portal. This unusual approach could be due to the large scale of the hack, which is still being processed globally.

Progress Software, a US company, supplies MOVEit to numerous businesses for secure file transfers within company systems. UK-based payroll services provider Zellis was one of its users. Zellis confirmed that data from eight organisations, including home addresses, national insurance numbers, and in some cases, bank details, had been stolen.

Related news

Experts advise individuals not to panic and recommend that organisations follow security guidelines issued by authorities such as the US Cyber Security and Infrastructure Authority.

On its leak site, Clop claims to have deleted data from government, city, or police services, stating, “Do not worry, we erased your data you do not need to contact us. We have no interest to expose such information.” However, researchers caution against trusting the criminals. Brett Callow, a threat researcher from Emsisoft, said, “If the information has monetary value or could be used for phishing, it’s unlikely that they will simply have disposed it.”

Clop, thought to be based in Russia, has long been monitored by cybersecurity experts. Russia has been accused of providing a safe haven for ransomware gangs, a claim it denies. Clop operates as a “ransomware as a service” group, allowing hackers to rent their tools for attacks from any location. In 2021, alleged Clop hackers were arrested in Ukraine in a joint operation with the US and South Korea. Authorities claimed to have dismantled the group, which they said had extorted US$500 million from victims worldwide. However, Clop remains an ongoing threat.

World News
Photo of Jamie Cartwright

Jamie Cartwright

Jamie is a keen traveler, writer, and (English) teacher. A few years after finishing school in the East Mids, UK, he went traveling around South America and Asia. Several teaching and writing jobs, he found himself at The Thaiger where he mostly covers international news and events.

Related Articles

From civil servant to prime minister: Meet Singapore’s new leader

Published: 14:06, 15 May 2024

Engineer’s zero sperm count unveils family lineage mystery

Published: 09:28, 15 May 2024

British DJ plans seventh girlfriend to complete weekly roster

Published: 18:01, 14 May 2024

Shanghai man loses 15 kilogrammes due to rare disorder

Published: 18:01, 13 May 2024