In a significant development following the MOVEit vulnerability cyber attack, the Cl0p ransomware group has been hit with a major setback. The United States’ Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have joined forces to tackle the ransomware group and put a $10 million reward on their heads. This move comes as a relief to the victims of the MOVEit vulnerability who have been targeted by ransomware attacks.
The US State Department program, Rewards for Justice, took to Twitter to make the announcement of the substantial reward. The $10 million bounty is being offered to anyone who can provide actionable intelligence on the Cl0p ransomware group. This is aimed at gathering information about the activities and operations of the group, which has been responsible for publicly naming victims of security breaches.
Following the announcement of the reward, it has been observed that the Cl0p ransomware group has temporarily halted their illicit activities. The group had been targeting various organizations and publicly disclosing their names after gaining access to their systems through the MOVEit Transfer and Zellis payroll service platform. The group had allegedly exfiltrated large amounts of data from these organizations.
The MOVEit vulnerability, also known as CVE-2023-34362, was discovered by Progress’s MOVEit on May 31. Shortly after, the Cl0p ransomware group started carrying out cyber attacks on clients who used MOVEit or Zellis. This included prominent organizations such as the BBC, British Airways, Aer Lingus, and the Canadian government website Nova Scotia.
The hackers initially set a deadline of June 12, later changing it to June 14, after which they threatened to leak the exfiltrated data. They claimed to have permanently erased the data of government, city, and police officials, reassuring them that there was no need to worry about their data being exposed. However, they continued to target more organizations and named them on their website as victims of their ransomware attacks.
The Cl0p ransomware group expanded their victim list to include Johns Hopkins University, University of Georgia, Shell, Putnam Investments, and several government websites. The U.S. Energy Department reportedly received two ransom notices from the group. Their activities spanned various sectors, affecting government, healthcare, education, and more.
However, following the announcement of the $10 million reward by the FBI and CISA, the Cl0p ransomware group’s leak site stopped naming the companies targeted through the MOVEit cyber attack. This development has brought some relief to the victims who were at risk of their sensitive information being exposed.
Some of the last victims named by Cl0p before they halted their naming activities were the Minnesota Department of Education, UK’s telco regulator Ofcom, and Tesco Bank. As of June 16, a total of 63 victims had been named by the group in connection with the MOVEit vulnerability exploitation.
It is important to note that this report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users should exercise caution and responsibility when relying on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
This joint effort by the CISA and FBI, along with the substantial reward against the Cl0p ransomware group, marks a significant step in combating cybercriminals and protecting the victims of ransomware attacks. It sends a strong message that the United States is dedicated to safeguarding its critical infrastructure and holding cybercriminals accountable for their actions.