Has the MOVEit hack paid off for Cl0p?

2023-07-24 14:14

The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research.

Cl0p's attack resulted in the cybercriminal group exfiltrating sensitive information from MOVEit Transfer installations run either by the victim organizations or third-party service providers.

"The upstream/downstream in many MOVEit incidents is extremely complex, with some organizations being impacted because they used a vendor which used a contractor which used a subcontractor which used MOVEit. Additionally, some organizations have had MOVEit exposure via multiple vendors," Simas noted.

The Cl0p gang started operating in 2019 and previously used ransomware to encrypt enterprise victims' data after exfiltrating it.

The group publicly announced rules for extortion negotiation after the MOVEit hack, but it is unknown how many organizations ended up paying the ransom so far.

"While the MOVEit campaign may end up impacting over 1,000 companies directly, and an order of magnitude more indirectly, a very very small percentage of victims bothered trying to negotiate, let alone contemplated paying," the researchers noted, but added that "It is likely that the CloP group may earn $75-100 million dollars just from the MOVEit campaign, with that sum coming from just a small handful of victims that succumbed to very high ransom payments."

News URL

https://www.helpnetsecurity.com/2023/07/24/cl0p-moveit-victims/

#hack #moveit