Clop, a prominent cyber-crime group believed to be based in Russia, has issued its demands to victims of a hack that has affected organisations worldwide.
The group has posted a notice on the dark web telling companies affected by the MOVEit hack to email it before 14 June, otherwise their stolen details will be published online.
More than 100,000 employees at the BBC, British Airways, and Boots have been informed that their payroll data may have been taken. Employers should not pay if the hackers demand a ransom.
Cybersecurity researchers had said earlier that Clop may be behind the hack, which was first announced last week.
The hackers gained access to MOVEit, a well-known piece of business software, which in turn gave them access to the databases of several firms. On Monday, Microsoft analysts said that Clop was responsible, based on how the hack was executed. This has now been verified in an elaborate blog post written in broken English.
The blog states, “This is an announcement to educate companies who use Progress MOVEit product that the chance is that we download a lot of your data as part of the exceptional exploit.” The post warns victim organisations to email the gang to begin negotiations on the gang’s portal on the dark web.
This is an atypical technique: ransom demands are usually emailed to victim organisations by the hackers, but here the hackers have asked the victims to contact them. This may be because Clop is unable to cope with the scale of the hack, which is still unfolding worldwide.
Amir Hadžipasic, CEO of SOS Intelligence, said, “My take is that they just have so much data that it is difficult for them to get on top of it all. They’re betting that if you know then you will contact them.”
MOVEit is supplied by Progress Software, a US company, to several businesses to transfer files securely within company systems. Zellis, a payroll service provider based in the UK, was among its users.
According to Zellis, eight UK organisations have had data stolen, including home addresses, national insurance numbers, and, in some cases, bank details. The same data has not been stolen from every firm. Zellis customers that are victims of the hack include the BBC, British Airways, Aer Lingus, and Boots.
Employees of the Nova Scotia Government and the University of Rochester have also been warned about data being stolen via the MOVEit vulnerability.
Experts have advised people not to panic, and organisations to carry out the security measures ordered by authorities such as the Cyber Security and Infrastructure Authority in the US.
Clop said on its leak portal that any data acquired from the government, city, or police services has been deleted. It reads, “Do not worry, we erased your data, you do not need to contact us. We have no interest in exposing such information.”
However, researchers believe that hackers are not to be trusted.
A threat researcher from Emsisoft, Brett Callow, said, “Clop’s claim to have deleted information relating to public sector organisations should be taken with a pinch of salt. If the information has monetary value or could be used for phishing, it’s unlikely that they will simply have disposed of it.”
Cyber security experts have been tracking Clop's exploits for a long time. The group is thought to be located in Russia because it operates on Russian-speaking forums. Russia has long been accused of being a safe haven for ransomware gangs, though it denies the claim.
However, Clop operates as a “ransomware as a service” group, which lets hackers hire the tools used to execute attacks across the world.
In Ukraine, hackers were arrested in 2021 in a joint operation carried out by Ukraine, the US, and South Korea.
At the time, authorities said the cyber-crime group had been taken down and claimed that it was responsible for extracting $500m from victim organisations worldwide, but Clop remains a constant threat.