Cl0p, a notorious ransomware group, has recently updated its victim list to include nine organizations from the United States, Germany, and the Philippines. Among the US organizations targeted by the group are Paycom, Motherson Group, Aspen Technology, and Discovery. These organizations, along with the others, were listed on Cl0p’s dark web portal.
In response to the cyber attack, Paycom issued a statement confirming that a group of threat actors claimed to have exploited a vulnerability in a third-party tool owned by Progress Software Corp., called MOVEit. However, Paycom stated that there is currently no indication that their software application has been impacted by the attack.
On the other hand, Germany-based VOSS and Yakult Philippines Incorporated are yet to confirm any cybersecurity incidents. However, the University of Rochester has disclosed that it has experienced a cyber attack. Tracey Harrison, Vice President of 1199 SEIU Union Chapter for the University of Rochester staff, commented on the impact of the attack, stating that the attackers have accessed a wide range of personal information, including marital status, social demographics, work shifts, income, and social security numbers of faculty, students, and staff.
The University of Rochester attributed the security breach to the exploitation of the MOVEit File Transfer vulnerability. According to screenshots from Cl0p’s dark web portal, the ransomware group claimed to have exfiltrated 360GB of data in the Paycom cyber attack and 316GB in the alleged Motherson Group cyber attack. The volume of data stolen from Discovery, Yakult, the University of Rochester, and Shutterfly was not mentioned in Cl0p’s post. However, 46GB of company data was reported to be stolen in the Aspen Technology cyber attack.
Cl0p’s messages on its dark web portal highlighted the group’s claims of negligence on the part of the targeted organizations towards their customers’ security. As of now, the websites of the targeted organizations remain accessible, and The Cyber Express has reached out to them for their statements. The report will be updated based on their responses.
According to Brett Callow, a Threat Analyst, the number of cyber attacks exploiting the MOVEit vulnerability is expected to reach 314 incidents and to affect 45 US schools, potentially exposing the personal data of approximately 18,182,931 individuals.
The Cl0p ransomware group is known for operating on a Ransomware-as-a-Service (RaaS) model and mainly targets larger organizations and file transfer services. The ransomware itself is a variant of CryptoMix and employs a double extortion technique: data is exfiltrated before encryption and the threat of publishing it is used as additional leverage. The group has been observed targeting healthcare organizations, government agencies, universities, and private companies. Its ransomware is commonly spread through phishing emails containing malicious links or attachments, or through exploit kits. Once a device is infected, the ransomware encrypts files and leaves a ransom note demanding payment in exchange for the decryption key.
Disclaimer: The information provided in this report is based on internal and external research and should be used for reference purposes only. Users are solely responsible for their reliance on this information, and The Cyber Express assumes no liability for the accuracy or consequences of its use.
