Companies and government agencies have been added in recent days to the list of institutions victimized by a supply chain cyberattack by a ransomware gang that exploited a weakness in file transfer software popular with enterprises. To date, the sector with the largest share of victims has been financial services — specifically banks and credit unions.
On May 27, ransomware gang Cl0p started exploiting a zero-day vulnerability in Progress Software's product MOVEit to steal data from at least 91 organizations, including state and federal agencies and at least 10 U.S. banks and credit unions. Data compromised in the leaks included names, addresses, birthdates, Social Security numbers and more.
Progress
The Cybersecurity and Infrastructure Security Agency said this month in
Brett Callow, a security researcher for Emsisoft, said Wednesday that he had identified 91 institutional victims of the Cl0p attacks to date. The total number of customers and citizens who had data caught up in the breach is not currently known, as investigations into the breaches are ongoing.
"At this point, we don't have good visibility into which organizations have been impacted or the nature of the data that has been exfiltrated, and that makes it impossible to speculate as to the overall seriousness of the incident and its likely impact," Callow said. "That said, it's probably safe to say that Cl0p is now in possession of a massive amount of information that could be used for phishing, identity fraud, etc."
Firms looking to identify what files Cl0p might have stolen can use
Cl0p has been posting names of victims on its data leak site for days and posted additional names as late as Wednesday,
State agencies in
Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency,
"Based on discussions we have had with industry partners ... these intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high value information — in sum, as we understand it, this attack is largely an opportunistic one," Easterly said.
Cl0p said on its data leak site that it had deleted all the data it stole from state and federal agencies, a claim security experts have warned not to take too seriously because of the value of such data. Steve Povolny, director of security research at cybersecurity firm Exabeam, said ransomware groups make these kinds of claims to avoid greater liabilities that would make them a weightier target for law enforcement.
"I think the question of whether we should believe anything a malicious nation-state actor claims should be fairly straightforward: Don't trust, and verify," Povolny said.