The notorious Cl0p ransomware group has launched a leak portal where it has started publishing stolen data from targeted organizations. This comes after the group issued a warning to victims of the MOVEit vulnerability data breach, urging them to comply with its demands. In an attempt to persuade victims to cooperate, the hacker collective offered a “significant discount” to victims who admitted to the data breaches within their organizations.
Cybersecurity analyst Dominic Alvieri shared a screenshot on Twitter revealing the list of victim companies and the stolen data that was published following the security breach. The post from Cl0p stated, “Clop completes another round of torrents.” Among the companies listed by Cl0p were Norton, Stockman Bank, and Cadence Bank, along with several others.
In its announcement, Cl0p threatened to leak the data of victims who did not respond to its ransomware threats by August 15, 2023. The group claimed that the exfiltrated data would be posted on the clear web, making it accessible to all users without requiring specialized tools for dark web surfing. The group also said it would make the data available on Tor, a network that allows anonymous communication, and that for larger companies it would create a clear web URL to help Google index the data. This would facilitate faster downloads compared to accessing the data on the dark web.
Earlier this year, several data breach incidents were linked to a vulnerability in the file transfer service MOVEit. The Cl0p ransomware group took responsibility for the MOVEit hack and listed several prominent organizations that had fallen victim to exploitation of the vulnerability. However, it is not confirmed whether the data shared by the ransomware group is exclusively related to the entities affected through the MOVEit compromise.
Some of the company websites named as victims on August 15 include Nortonlifelock.com, Stockmanbank.com, Baesman.com, Siemens-Energy.com, UCLA.edu, Trellisware.com, Excorecapital.com, and Cadencebank.com. The group continued to post the names of other organizations, such as Visionware.ca, westat.com, crowe.com, autozone.com, l8solutions.co.uk, energytransfer.com, netscout.com, and cognizant.com, in subsequent updates, indicating a mass data leak.
According to a Kon Briefing report, the MOVEit file transfer vulnerability may have compromised nearly 682 organizations, affecting approximately 46,876,953 individuals, mainly in the United States. Out of the impacted organizations, 520 were from the US, 35 from Germany, 29 from Canada, 24 from the UK, and 10 from the Netherlands. Among the victims, there were over a hundred colleges and universities in the US and 40 public sector organizations. Some of the recently named victims of the MOVEit exploitation include UMass Chan Medical School, Executive Office of Elder Affairs, Aging Services Access Points, and Park National Corporation.
It is important to note that this report is based on internal and external research obtained through various sources, and the information provided is for reference purposes only. Users are solely responsible for their reliance on this information, and The Cyber Express assumes no liability for its accuracy or any consequences resulting from its use.