A Russian-speaking cybercrime group known as CL0P has been identified as the perpetrator of a recent series of attacks targeting various organizations, including U.S. federal agencies. The group specializes in ransomware attacks, in which it extorts victims by encrypting their data or by stealing files and threatening to publish them.
Recent victims include the BBC, Shell, Johns Hopkins Health Systems, British Airways, the state of Illinois, and the departments of motor vehicles of Oregon and Louisiana. The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that multiple agencies were affected by CL0P’s attacks, although the Department of Energy is the only agency to publicly acknowledge being a victim so far.
CL0P exploited a vulnerability in MOVEit, a file transfer program used by many organizations. Those using outdated versions of MOVEit were particularly vulnerable to the attack, as CL0P was able to retrieve files from their systems. The hackers posted a statement on the dark web, reminding companies that they should not blame CL0P if their data is exposed due to inadequate protection.
While CL0P listed numerous companies as victims on their website, not all of them have been independently confirmed. However, many organizations have released statements acknowledging the breach and the theft of their data. For example, the Louisiana Office of Motor Vehicles believes that data belonging to all individuals with state-issued driver’s licenses, IDs, or car registrations may have been exposed. The Oregon Department of Transportation advised individuals to assume that their active license or ID card information was compromised.
The impact of the attack extends beyond the United States, as British Airways and the BBC have also reported being affected. Shell is investigating the situation, while Ernst and Young, a global accounting firm, is conducting a thorough investigation to assess potential data access. It is likely that CL0P has targeted numerous organizations, possibly numbering in the hundreds, according to Wendi Whitmore, a cybersecurity expert at Palo Alto Networks.
The incident highlights the ongoing threat posed by ransomware attacks and the need for organizations to maintain up-to-date and robust cybersecurity measures to protect sensitive data. Law enforcement agencies and cybersecurity professionals are actively investigating the attacks and working to mitigate their impact.