
Clop ransomware crew sets June extortion deadline for MOVEit victims
2023-06-07 19:46

Clop, the ransomware crew that has exploited the MOVEit vulnerability extensively to steal corporate data, has given victims a June 14 deadline to pay up or the purloined information will be leaked.

Crucially, to steal the data, Clop exploited a deployment of MOVEit used by payroll services provider Zellis; British Airways et al are customers of Zellis, so when Clop broke into the payroll company's IT systems, the miscreants were able to snatch valuable employee data belonging to a host of orgs.

Toronto's Michener Institute has said it was the target of a "Cybersecurity incident." Infosec watcher Dominic Alvieri named the school as a Clop victim, and added that the extortionists have moved their payment deadline for victims from June 12 to the 14th. Additionally, the Canadian province of Nova Scotia today said its health authority and IWK Health Centre were also hit via the MOVEit hole.

A critical vulnerability in a web-facing portion of the MOVEit code came to light last Thursday; the flaw can be exploited to seize control of a MOVEit deployment, steal its data, and carry out other wrongdoing.


"Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases," the Feds explained.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/07/clop_crew_sets_extortion_deadline/