MOVEit hack: Clop hacker group claims to not have data from Boots, BBC, or BA

Clop leak location

The BBC has received a statement from cybercriminals claiming they do not possess the data of large UK organizations that are allegedly the targets of a widespread hack.

Sensitive payroll data was stolen in the breach last month, according to organizations like the BBC, British Airways, and Boots.

But as of right now, according to the hackers Clop, "we don't have that data."

This makes it more likely that either Clop is lying or another, unidentified hacking group has obtained the data.

The UK payroll service Zellis, which hackers broke into to access the data of the BBC, Boots, and BA, said it couldn't comment because a police investigation was ongoing.

In an effort to coerce them into paying a ransom, Clop has been posting company profiles of the victims of its hack since June 14th.

But so far, no names of the biggest and most well-known victims in the UK have been published.

The names, websites, and business addresses of nearly 50 victims have all been added by Clop in small batches to their darknet website.

More than a dozen nations, including the US, Germany, Switzerland, the UK, Canada, and Belgium, are represented by the organizations, which also include banks, universities, travel agencies, and software firms.

Several of the businesses listed by Clop on their alleged "leak site" have independently acknowledged having had their data stolen.

Unless victims pay a ransom in Bitcoin that is probably worth hundreds of thousands of dollars or more, Clop is threatening to publish the stolen data.

It's believed that hundreds of businesses that used the file transfer software MOVEit had their data stolen.

Eight significant UK companies, including the BBC, BA, and Boots, were among those affected. They were clients of Zellis, which was itself compromised through MOVEit.

However, the cybercriminals repeatedly denied stealing the Zellis data in an email conversation with the BBC.

"We told Zellis we didn't have that information. We simply lack it. We are a veteran group that has never misled anyone; if we say we don't have information, we don't," the hackers argued.

Only referring back to its prior statement, Zellis said, "We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them."

The business claims that as soon as it learned about the hack, it acted quickly to disconnect the server on which the MOVEit software was installed.

The company claims that in order to respond to the attack, it has hired a knowledgeable outside security team and informed the pertinent UK data authorities.

The claims made by Clop, which further cloud an already complicated situation, perplex cyber security experts.

According to threat researcher Brett Callow from Emsisoft, Clop may be hiding the fact that they stole the data as part of a deal with another hacking group to sell it.

Clop, however, insisted that "we didn't sell anything to other hackers."

There are numerous possibilities, according to other experts.

The head of SOS Intelligence, Amir Hadipasi, stated that "Clop has no real reason to say they don't have the data."

"If they are telling the truth, I believe that some other hackers may have broken in and stolen the data before Clop, and if Clop doesn't have the data, this situation is less predictable. Another hacking group will use their hacking skills to get the files onto the dark web somewhere," he continued.

Progress Software, the company behind MOVEit, first disclosed the hack on May 31.

The thieves discovered a way to breach MOVEit and then used that access to get into the databases of perhaps hundreds of other businesses.

It's possible that the data was stolen in a different way by a different group, though, as a number of security flaws have been discovered in the software since the initial MOVEit disclosure.

The United States offered a $10 million reward on Friday for "information tying the Clop gang or any other malicious cyber actors attacking US critical infrastructure to a foreign government."
