Global University Systems Canada, a subsidiary of Global University Systems (GUS), has become the latest victim of the Cl0p ransomware group. GUS Canada operates several schools, including the Toronto School of Management and the Canadian College of Technology and Business. Threat analyst Brett Callow confirmed the data breach in a tweet, stating that Cl0p had listed GUS Canada as one of its victims.
GUS is a Dutch private limited company that operates a network of higher education institutions across the UK, Canada, Israel, and Europe. It also manages various brands and companies within the education industry, such as InterActive, an e-learning provider. As of 2018, GUS was recruiting students from more than 175 countries through a network of independent education agents and its own marketing departments.
The Cl0p ransomware group has been targeting organizations worldwide, using vulnerabilities in the MOVEit file transfer system to gain unauthorized access to sensitive information. The group has already claimed victims such as Shell, Sony, PricewaterhouseCoopers (PWC), Ernst & Young (EY), and the US Energy Department. While some companies, including GUS Canada, have confirmed their involvement in the attacks, others, such as PWC, EY, Sony, and Andesa Services, have not yet confirmed the use of MOVEit vulnerabilities in their respective breaches.
Cl0p has been known to employ double-extortion tactics, threatening to release stolen data if the ransom demands are not met. In previous attacks, the group targeted Shell Global using a vulnerability in the Fortra GoAnywhere file management system. The current MOVEit attack has the potential to impact hundreds of victims and could have more severe consequences than previous breaches.
Interestingly, the Cl0p group has not deployed its signature ransomware in any of its recent attacks. Instead, they have focused on data extortion as their chosen method of attack. This strategy has allowed them to target a wide range of organizations, including major corporations and government entities.
The Cl0p ransomware group, which has been active since 2019 and has connections to Russia, operates under various aliases, including TA505, Lace Tempest, Dungeon Spider, and FIN11. Their attacks typically focus on organizations with revenues exceeding $5 million.
It is important for companies to remain vigilant and take necessary precautions to protect their systems and data from ransomware attacks. Regularly updating software, implementing strong security measures, and training employees on cybersecurity best practices can help mitigate the risk of falling victim to ransomware attacks.