In a news broadcast by the BBC, it has been revealed that Several companies around the world have suffered a cyberattack on a commercial software MOVEit that affected the same BBC, as well as British Airwaysamong others.
Amid growing concerns about cyber security, a massive cyberattack has endangered the data of major companies worldwide.
A group of cybercriminals known as Clop, has issued an ultimatum to the affected organizations threatening to reveal the stolen data if negotiations are not started before June 14.
Among the companies affected are recognized entities such as the BBC, British Airways and Boots, who have informed more than 100,000 employees about the possible leak of their payroll data.
The authorities warn the affected companies that do not give in to the demands of hackers, and organizations are urged to follow the recommendations of cyber security authorities to safeguard your systems.
The group of hackers Clop has used the commercial software MOVEit as an entry point for his massive cyberattack. By exploiting vulnerabilities in this software, criminals have gained access to the databases of hundreds of companies around the world.
In the news broadcast by the BBC, it was indicated that Microsoft, based on analysis techniques, has confirmed that Clop is behind this attack, which has been supported by a lengthy blog post by the group in broken English. In said blog, Clop announces its intention to make public a large amount of data belonging to companies that use the Progress MOVEit product.
An unusual tactic adopted by Clop is that requires victims to contact them via email on the dark web to start negotiations. This strategy may be due to the group’s lack of knowledge about the magnitude of the attack, as well as the difficulty of managing the large amount of stolen data.
Amir Hadžipasić, CEO of SOS Intelligence, suggests that Clop is betting that affected companies will contact them if they are aware of the hack..
Among the companies affected is the UK-based payroll service provider Zellis. Zellis has confirmed that data from eight UK organizations has been stolen, including addresses, national insurance numbers and, in some cases, banking information..
Other businesses affected include Aer Lingus, Boots, the government of the Canadian province of Nova Scotia and the University of Rochester.
Faced with this situation, the authorities urge people to remain calm and for organizations to implement security controls recommended by entities such as the United States Cyber Security and Infrastructure Authority.
Clop has claimed to have removed data related to government, municipal and police services, but security experts warn that the truth of this claim cannot be trusted. There is a risk that stolen information could have a monetary value or be used in phishing attacks.
Clop is known to operate primarily on Russian-language forums, which has led to speculation that it is based in Russia. Although Russia has denied being a safe haven for ransomware gangs, the Clop group functions as a “ransomware as a service”, which means that hackers can rent their tools to carry out attacks from any geographic location.
Despite 2021 arrests in Ukraine, where suspected Clop members were captured, the group has continued to pose a persistent threat.
The massive cyberattack carried out by the Clop group has endangered the data of important companies worldwide. The threat to reveal sensitive information has raised concerns among affected organizations and their employees.
Although the authorities advise against giving in to the demands of hackers, companies are urged to take additional security measures and follow the recommendations of the competent authorities. The incident highlights the importance of cyber security and the need to protect sensitive systems and data in an increasingly interconnected digital environment..
Disclaimer: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
It may interest you:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.