Yesterday, ransomware gang Cl0p began listing organizations affected by its exploit of file transfer software MOVEit. The gang used the exploit to steal data from potentially hundreds of companies around the world at the end of May.
The gang had previously instructed affected companies to begin negotiations by June 14th to avoid being named and shamed on its data leak site. The companies currently being listed presumably failed to contact the cybercriminals.
According to data from threat intelligence platform ecrime.ch, 27 organizations were listed as affected by Cl0p since June 14th, with 1 organization listed and later removed. 11 of these organizations were from the banking and financial services sectors. Organizations from the hospitals and healthcare, insurance, and pharmaceutical manufacturing industries were also listed.
Some companies not currently listed on Cl0p’s leak site previously disclosed they were affected by the attack. British Airways and the BBC, for example, announced they were among the ransomware gang’s victims after their payroll provider, Zellis, was breached. Multiple US states also disclosed they were caught up in the attack.
Other companies are likely negotiating with Cl0p to delete their stolen data and not reveal they were breached in the attack. If the negotiations are not successful after three days, Cl0p has warned it will create a “custom page” for the offending company on its data leak site. After seven days, the gang will then start to leak the company’s stolen data.
We can therefore expect to see more companies named as Cl0p victims in the coming days.