Sony, EY and PwC are the latest big businesses to be listed on ransomware gang Cl0p’s dark web blog as the number of victims of a massive cyberattack perpetrated by the group continues to grow. Cl0p has been exploiting a vulnerability in file transfer platform MOVEit Transfer and demanding ransoms from affected companies. It has named 95 supposed victims of the breach.
The attack, which started earlier this month, could turn out to be one of the largest in history, with victims spanning the public and private sectors in the US, UK and beyond.
Have Sony, EY and PwC fallen victim to Cl0p cyberattack?
Cl0p claimed today that it has data on Japanese electronics manufacturer Sony, along with Big Four accountancy firms EY and PwC. It says it has 120GB of data from PwC which it could leak if its demands are not met.
#Cl0p has listed more victims including #PwC, #Sony, and #EY (Ernst & Young.) The count of known victims now stands at 95, which includes 12 public sector bodies in the US and 8 in other countries. #MOVEit pic.twitter.com/klRqgnMLyb
— Brett Callow (@BrettCallow) June 22, 2023
The group also denied that it is holding data from government agencies, saying that it only exploits private companies for financial reward.
“We got a lot of emails about government data, we don’t have any government data,” a message on the blog reads, adding that the group does “the polite thing” and deletes such information.
The Cl0p message continues: “We want to remind all company [sic] that if you put data on the internet where data is not protected do not blame us for penetration testing service. We are only financially motivated and do not care about politics.”
Ransomware groups often deny they hold sensitive information from government departments, particularly if they think possessing such information will cause law enforcement agencies to investigate them more closely.
Tech Monitor has contacted EY, PwC and Sony for comment on Cl0p’s claims.
Cl0p denies stealing Zellis data on BA, BBC and Boots
Three of the most high-profile victims of the vulnerability in MOVEit Transfer, a secure file transfer system used by thousands of businesses around the world, are British Airways, the BBC and Boots. The trio all informed staff their data may have been stolen after a software vendor used by all three companies, payroll platform Zellis, was compromised in the breach.
However, Cl0p has denied it holds data from Zellis. In an email exchange with the BBC, members of the group said: “We don’t have that data and we told Zellis about it. We just don’t have it. We are an old group and have never deceived anyone, if we say that we do not have information, then we do not have it.”
The companies were reportedly given a 14 June deadline by hackers to pay up or face having data posted online. However, as yet no information is thought to have been leaked. This raises the possibility that other hackers are also exploiting the MOVEit Transfer vulnerability. The vulnerability was first disclosed by Progress Software, developer of MOVEit Transfer, on 31 May, but no other gang has yet publicly claimed to have stolen data by exploiting it.