July 14, 2023 (updated 17 Jul 2023 5:03pm)

The Discovery channel and Shutterfly among Cl0p’s latest MOVEit Transfer ransomware victims

Nine more alleged victims have been posted on the gang's blog as the fall-out from the breach continues.

By Matthew Gooding

The seemingly never-ending list of victims of ransomware gang Cl0p’s wide-scale cyberattack exploiting a vulnerability in file transfer service MOVEit Transfer grew larger yesterday when nine new companies were posted to the group’s dark web blog. These include the Discovery TV channel and online photo printing service Shutterfly.

Discovery is among the new alleged victims of Cl0p’s MOVEit Transfer vulnerability attack. (Photo by Iftekkhar/Shutterstock)

Now into its second month, the MOVEit Transfer vulnerability is proving to be one of the largest supply chain cyberattacks in history, rivalling the 2020 SolarWinds breach and the 2021 exploitation of the Log4j vulnerability. It has seen Russian hacking gang Cl0p take advantage of a previously unknown flaw in MOVEit Transfer, which is used by businesses around the world to securely share documents.

Cl0p has been able to access the systems of MOVEit Transfer users and steal data about them and their customers. And although a patch has been released to solve the problem, the number of victim companies posted on the group’s dark web blog is now more than 100, including some of the biggest names in business.

Cl0p’s latest victims revealed

This week Cl0p claims it has stolen data from nine new victims. These include Discovery, the long-running cable TV channel owned by Warner Bros. Discovery, and Shutterfly, which runs online photo processing and printing services and operates brands including Snapfish. The latter fell victim to a ransomware attack two years ago, when another Russian gang, Conti, stole 7GB of data including personal information of staff.

Other businesses listed on the gang’s dark web blog are software company Aspen Technology, payroll platform Paycom and automotive parts maker Motherson, as well as Yakult, Voss, The University of Rochester and the University Federal Credit Union. Details of ransoms demanded have not been revealed. Tech Monitor has contacted the victims for comment.

Earlier this week, hospitality group Choice Hotels, which operates the Radisson hotel chain, confirmed it had been breached as part of the hack. “Unfortunately, we have confirmed that MOVEit software, from our vendor, had a vulnerability that was exploited by bad actors, resulting in data breaches affecting many of their customers, including Radisson Hotels Americas,” a company statement said.

“Choice Hotels takes cybersecurity and privacy very seriously,” the statement continued. “The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed.”

American National Insurance Company, one of the largest US insurers, also said this week its data had been accessed by Cl0p.

MOVEit Transfer vulnerability: list of impacted businesses grows

The new victims join the likes of British Airways, the BBC and Boots, all of which had data accessed in the early days of the hack when their payroll provider was compromised.

Since then, companies including Shell and Sony have also been exposed as victims, while staff at Dublin Airport were told their personal details have probably been stolen as part of the breach.

The UK’s National Cyber Security Centre has published an advisory about the vulnerability, stating that it “strongly encourages organisations to take immediate action by following vendor best practice advice and applying the recommended security updates.”

Cl0p, which is thought to be based in Russia, has been active over the last couple of years. Other high-profile attacks include a successful hit on print management company PaperCut, while it also attacked security company Fortra, stealing data on 63,000 children.
