Two States Fall Victim to Ransomware Attack

Last updated on May 8th, 2024 at 11:47 pm

AI generated image of two people in hoodies in a mosaic style.
Image generated by Safe Not Scammed using Midjourney. Prompt: 2 ransomware victims come forward, bold colors, glitch effect

On Friday, the State of Illinois and the Minnesota Department of Education both revealed they were victims of the Cl0p ransomware gang. Cl0p exploited a vulnerability in file transfer software MOVEit at the end of May, breaching up to hundreds of organizations worldwide.

Minnesota Department of Education

The Minnesota Department of Education (MDE) reported that 24 of their files were accessed using the exploit on May 31st, the same day they were made aware of the vulnerability.

An AI generated image of a female student standing in between shelves of books.
Image generated by Safe Not Scammed using Midjourney. Prompt: Student records stolen, bold colors, glitch effect

These 24 files contained information on 95,000 students in foster care, 124 students in the Perham School District, 29 students at Hennepin Technical College, and 5 students who took a particular bus route.

The stolen information included student names, addresses, dates of birth, and, in the case of students at Hennepin Technical College, academic transcripts and the last 4 digits of the students’ SSNs. However, MDE reported that financial information was not accessed.

State of Illinois

The Illinois Department of Innovation & Technology (DoIT) reported its security teams responded to Cl0p’s attack “within minutes” and kicked the gang out of its networks “within three hours”. Nonetheless, it “believes a large number of individuals could be impacted” by the hack. 

An AI generated image of a lock against a colorful background

Image generated by Safe Not Scammed using Midjourney. Prompt: Cybersecurity protection, bold colors, glitch effect

DoIT is carrying out an investigation to figure out the scope of the attack and identify whose information was stolen. Once it has done so, it will make a public announcement and set up a call center to help those who were affected.

Ransom demands

While MDE claimed “there have been no ransom demands” in their press release, Cl0p posted a message to all affected organizations on their leak site. In the message, Cl0p asked organizations to contact them to negotiate the price to delete their stolen information.

The gang added, “If you are a government, city or police service do not worry, we erased all your data.” Whether the cybercriminals can be trusted, however, remains to be seen.

Update June 14th

The State of Missouri announced on June 13th that they had also been impacted by the MOVEit vulnerability. In a public statement, the state’s Office of Administration noted that they were investigating the incident and would make a public announcement “once entities, individuals, or systems who may have been impacted are identified.”

Leave a Comment

Your email address will not be published. Required fields are marked *