The seemingly never-ending list of victims of ransomware gang Cl0p’s wide-scale cyberattack exploiting a vulnerability in file transfer service MOVEit Transfer grew larger yesterday when nine new companies were posted to the group’s dark web blog. These include the Discovery TV channel and online photo printing service Shutterfly.
Now into its second month, the MOVEit Transfer vulnerability is proving to be one of the largest supply chain cyberattacks in history, rivalling the 2020 SolarWinds breach and the 2021 exploitation of the Log4J vulnerability. It has seen Russian hacking gang Cl0p take advantage of a previously unknown flaw in the MOVEit Transfer, which is used by businesses around the world to securely share documents.
Cl0p has been able to access the systems of MOVEit Transfer users and steal data about them and their customers. And although a patch has been released to solve the problem, the number of victim companies posted on the group’s dark web blog is now more than 100, including some of the biggest names in business.
Cl0p’s latest victims revealed
This week Cl0p claims it has stolen data from nine new victims. These include Discover, the long-running cable TV channel owned by Warner Bros. Discovery, and Shutterfly, which operates online photo processing and printing services and operates brands including Snapfish. The latter was victim to a ransomware attack two years ago, when another Russian gang, Conti, stole 7GB of data including personal information of staff.
Other businesses listed on the gang’s dark web blog are software companies Aspen Technology, payroll platform Paycom and automotive parts maker Motherson, as well as Yakult, Voss, The University of Rochester and the University Federal Credit Union. Details of ransoms demanded have not been revealed, Tech Monitor has contacted the victims for comment.
Earlier this week, hospitality group Choice Hotels, which operates the Radisson hotel chain, confirmed it had been breached as part of the hack. “Unfortunately, we have confirmed that MOVEit software, from our vendor, had a vulnerability that was exploited by bad actors, resulting in data breaches affecting many of their customers, including Radisson Hotels Americas,” a company statement said.
“Choice Hotels takes cybersecurity and privacy very seriously,” the statement continued. “The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed.”
American National Insurance Company, one of the largest US insurers, also said this week its data had been accessed by Cl0p.
MOVEit Transfer vulnerability: list of impacted businesses grows
The new victims join the likes of British Airways, the BBC and Boots, all of which had data accessed in the early days of the hack when their payroll provider was compromised.
Since then, companies including Shell and Sony have also been exposed as victims, while staff at Dublin Airport were told their personal details have probably been stolen as part of the breach.
The UK’s National Cyber Security Centre has published an advisory about the vulnerability, stating that it “strongly encourages organisations to take immediate action by following vendor best practice advice and applying the recommended security updates.”
Cl0p, which is thought to be based in Russia, has been active over the last couple of years. Other high-profile attacks include a successful hit on print management company PaperCut, while it also security company Fortra, stealing data on 63,000 children.