Security News > 2021 > March > After oil giant Shell hit by Clop ransomware gang, workers' visas dumped online as part of extortion attempt

After oil giant Shell hit by Clop ransomware gang, workers' visas dumped online as part of extortion attempt
2021-03-29 23:46

Royal Dutch Shell is the latest corporation to be attacked by the Clop ransomware gang.

It attempted to downplay the impact noting that "There is no evidence of any impact to Shell's core IT systems," and the server accessed was "Isolated from the rest of Shell's digital infrastructure." But it did acknowledge that the crooks had probably grabbed "Some personal data and... data from Shell companies and some of their stakeholders."

To encourage Shell to pay off the thieves and prevent further stolen data from leaking, the gang has now uploaded to its Tor-hidden website a selection of documents, including scans of purported Shell employees' US visas as well as a passport page and files from its American and Hungarian offices.

Other victims include Canadian aerospace firm Bombardier, which saw details of a military-grade radar leaked, London ad agency The7stars, and German giant Software AG. And to pile on the pressure, the Clop gang now emails the customers of its victims, warning that data has been stolen and will be leaked if a ransom isn't paid, in an attempt to get said clients to demand the extortionists are paid off to keep quiet, reported BleepingComputer.

A PR person for Shell has been in touch to stress once again that the oil giant's Accellion deployment was specifically attacked by thieves rather than its IT systems as a whole.

While the Clop gang has in the past infected victims with ransomware, which scrambles files and demands a ransom to restore them, in this case, the crooks simply stole information, according to the Shell spinner.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/29/shell_clop_ransomware_leaks_update/