Crown Resorts approached by crooks exploiting GoAnywhere bug
Crown Resorts, Australia’s largest gaming and entertainment company, has been contacted by a ransomware gang that claims to be exploiting Fortra’s GoAnywhere vulnerability.
The gambling giant said it was one of many breached due to the zero-day bug found on Fortra’s GoAnywhere managed file transfer and admitted a ransomware gang had contacted it.
“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority,” the company’s spokesperson said.
Crown Resorts insisted that no customer data was exposed due to the attacks, and the company’s business operations were not affected by the attack.
While the company doesn’t specify the name of the ransomware gang that contacted it, it’s highly likely to be the Russia-linked Cl0p ransomware syndicate. The gang has added dozens of victims lately, alleging the attacks were made possible because of the GoAnywhere bug.
Notable victims of the Cl0p zero-day flaw exploit include retail giant Procter & Gamble (P&G), insurer Munich Re, Virgin Red, education company Pluralsight, energy behemoths Shell and Hitachi, and many other companies.
However, several companies attacked by Cl0p told Cybernews they were unfazed by the claimed breaches, saying the exposed data had little effect on daily activities, with some going as far as to call the exposed data “meaningless content.”
Cl0p ransomware has been around since 2019. The gang has also been at the forefront of the ransomware world, with estimated payouts reaching $500 million in November 2021.
Even though the gang stopped operations following the arrest of several affiliates in late 2021, Cl0p came back to life earlier this month. Since then, the gang has been on a spree.
The use of the GoAnywhere zero-day flaw was confirmed by the cybercriminals themselves, adding the vulnerability was used to supposedly breach 130 organizations.
