View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Sony, EY and PwC latest victims of Cl0p ransomware’s MOVEit Transfer cyberattack?

The trio are the latest victims of the sprawling cyberattack that has hit some of the biggest names in the business world.

By Matthew Gooding

Sony, EY and PwC are the latest big businesses to be listed on ransomware gang Cl0p’s dark web blog as the number of victims of a massive cyberattack perpetrated by the group continues to grow. Cl0p has been exploiting a vulnerability in file transfer platform MOVEit Transfer and demanding ransoms from affected companies. It has named 95 supposed victims of the breach.

Sony is one of the latest companies posted on Cl0p’s dark web blog as a victim of the massive cyberattack. (Photo by testing/Shutterstock)

The attack, which started earlier this month, could turn out to be one of the largest in history, with victims spanning the public and private sectors in the US, UK and beyond.

Have Sony, EY and PwC fallen victim to Cl0p cyberattack?

Cl0p claimed today that it has data on Japanese electronics manufacturer Sony, along with Big Four accountancy firms EY and PwC. It says it has 120GB of data from PwC which it could leak if its demands are not met.

The group also denied that it is holding data from government agencies, saying that it only exploits private companies for financial reward.

“We got a lot of emails about government data, we don’t have any government data,” a message on the blog reads, adding that the group does “the polite thing” and deletes such information.

The Cl0p message continues: “We want to remind all company [sic] that if you put data on the internet where data is not protected do not blame us for penetration testing service. We are only financially motivated and do not care about politics.”

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Ransomware groups often deny they hold sensitive information from government departments, particularly if they think possessing such information will cause law enforcement agencies to investigate them more closely.

Tech Monitor has contacted EY, PwC and Sony for comment on Cl0p’s claims.

Cl0p denies stealing Zellis data on BA, BBC and Boots

Three of the most high-profile victims of the vulnerability in MOVEit Transfer, a secure file transfer system used by thousands of businesses around the world, are British Airways, the BBC and Boots. The trio all informed staff their data may have been stolen after a software vendor used by all three companies, payroll platform Zellis, was compromised in the breach.

However, Cl0p has denied it holds data from Zellis. In an email exchange with the BBC, members of the group said: “We don’t have that data and we told Zellis about it. We just don’t have it. We are an old group and have never deceived anyone, if we say that we do not have information, then we do not have it.”

The companies were reportedly given a 14 June deadline by hackers to pay up or face having data posted online. However, as yet no information is thought to have been leaked. This raises the possibility that other hackers are also exploiting the MOVEit Transfer vulnerability. It was first disclosed by Progress Software, developer of MOVEit Transfer, on 31 May, but no other gang has yet made any public declarations that it has stolen data by utilising the glitch.

Read more: ICO urges companies to use privacy enhancing technologies

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.