The victims of a hack that has affected organizations all over the world have been given an ultimatum by a prolific cybercrime gang that is thought to be based in Russia.
The Clop group posted a warning on the dark web requesting that anyone impacted by the MOVEit hack email them before June 14 or else the stolen data will be made public.
Over 100,000 employees of the BBC, British Airways, and Boots have been informed that payroll information may have been stolen.
If the hackers demand a ransom, employers are urged not to comply.
Earlier cyber security research had already pointed to Clop as the likely culprit behind the hack, which was first reported last week.
The criminals found a way to break into MOVEit, a widely used piece of business file-transfer software, and used that foothold to reach the databases of potentially hundreds of other organizations.
Based on the hacking methods used, Microsoft analysts stated on Monday that they thought Clop was at fault.
The group has now confirmed its involvement in a lengthy post written in broken English.
According to the post, which was seen by the BBC, "This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit."
The post goes on to urge victim organizations to email the gang in order to start negotiations on the crew's darknet portal.
This is an unusual tactic. Hackers typically email their victims with ransom demands, but here the gang is asking victims to make contact first, which may be a sign that Clop cannot handle the sheer scale of the hack, the extent of which is still being uncovered around the world.
Many US businesses use MOVEit from Progress Software to move files around corporate systems in a secure manner. One of its users was UK-based Zellis, a provider of payroll services.
Home addresses, social security numbers, and, in some cases, bank information were among the information stolen from eight organizations, according to Zellis.
So far, the following organizations have confirmed that data may have been stolen:
- BBC
- British Airways
- Aer Lingus
- Boots
- Government of Nova Scotia
- University of Rochester
Experts say people should not panic, and that organizations should follow the security guidance issued by bodies such as the US Cybersecurity and Infrastructure Security Agency (CISA).
On its leak website, Clop claims to have deleted all data taken from city, state and federal agencies, as well as from police services.
"Do not worry, we deleted your data, you do not need to contact us. We are not interested in disclosing such information," it states.
However, experts claim that it is unwise to trust the criminals.
"It's best to take Clop's claim that it deleted data pertaining to public sector organizations with a grain of salt. It's unlikely that they would have simply disposed of the information if it had any monetary value or could be used for phishing," said Brett Callow, a threat researcher at Emsisoft.
Clop's activities have been tracked by cyber security researchers for years. The group is believed to be based in Russia, as it operates mainly on Russian-speaking forums.
Russia has long been accused of providing a safe haven for ransomware gangs, a charge it denies.
But because Clop operates as a "ransomware as a service" group, affiliates can rent its tools and launch attacks from anywhere in the world.
A joint operation between Ukraine, the US, and South Korea resulted in the arrest of alleged Clop hackers in Ukraine in 2021.
At the time, authorities claimed to have dismantled the group, which they said had extorted $500 million from victims around the world.
However, Clop has remained a constant threat.