Cl0p, the ransomware cartel behind the MOVEit Transfer hack, has supposedly published data stolen from 56 organizations.
In a likely attempt to push victims into meeting Cl0p’s ransom demands, the gang simultaneously published data stolen from dozens of organizations. The recent batch includes 56 companies and universities, making the post one of the largest on the gang’s dark web blog so far.
Discovery, Honeywell, Choice Hotels’ Radisson Americas chain, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University and Health System are among the notable names on the list of 56 exposed organizations.
Attackers posted screenshots of stolen data, ranging from salary statements to companywide documents and sensitive user data. Ransomware cartels often publish tidbits of stolen data to pressure organizations into paying up.
So far, over 540 organizations have been confirmed to be impacted by Cl0p’s MOVEit Transfer attacks, with over 37 million people having their data exposed. Experts fear the gang’s success will encourage other cartels to replicate Cl0p’s tactics.
Who’s behind MOVEit attacks?
Cl0p is a Russia-linked ransomware group that has claimed responsibility for exploiting a SQL injection flaw in the MOVEit Transfer file transfer software, impacting thousands of companies worldwide.
Most recently, Deloitte, a New York City-based global auditing and accounting firm, confirmed that it also fell victim to the MOVEit attacks, joining fellow Big Four financial services giants PwC and EY.
Named victims include American Airlines, TJX off-price department stores, Shutterfly, Crowe accounting advisory firm, US government contractor Maximus, and British sports betting giant Flutter Entertainment.
Exclusive information, vetted by Cybernews, indicates that at least some of Cl0p’s affiliates might be residing in Kramatorsk, a Ukrainian city in the country’s embattled east. US officials are offering a $10 million bounty on the Cl0p gang.