The hacker gang Clop publishes victim names on the dark web
- By Joe Tidy
- Cyber correspondent
The names and company profiles of dozens of victims of a global mass hack have been published by a cybercriminal gang holding their stolen data for ransom.
On Wednesday, the hacker group Clop began posting names of companies on its website on the darknet.
26 organizations including banks and universities have been added to try to pressure victims to pay.
US federal agencies have also been targeted.
The US Cybersecurity and Infrastructure Security Agency told CNN that it is “providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications.”
It is not known which agencies are affected or which data was stolen, but cyber authorities say they do not expect it to have a significant impact.
The mass hack is likely to have affected hundreds of organizations around the world, with around 50 so far confirmed either by the firms themselves or by the hackers.
On the hacker’s so-called “leak page”, there are companies from the USA, Germany, Belgium, Switzerland and Canada.
Oil giant Shell was laid off on Wednesday and has since confirmed it is a victim.
The BBC chooses not to name the other firms.
Ransomware gangs like Clop use their leak sites to “name and shame” victims into paying by posting company profiles. It is a well-trodden and often profitable process.
“Once Clop names companies to its data leak site, the group will begin its rounds of negotiations with affected organizations, demanding ransom to avoid their data being breached,” said Chris Morgan, Senior Cyber Threat Intelligence Analyst at ReliaQuest.
Morgan says the hackers will hope victims get in touch and set a deadline for how long they have before their data is made public.
Clop has been known to demand ransoms of hundreds of thousands, sometimes millions of dollars, but police forces around the world discourage victims from paying because it fuels these criminal gangs.
The MOVEit hack was first revealed on May 31 when US company Progress Software said hackers had found a way to break into the MOVEit Transfer tool.
MOVEit is software designed to move sensitive files securely and is popular worldwide with most of its customers in the US.
Progress Software said it notified its customers as soon as the hack was discovered and quickly released a downloadable security patch.
But the criminals were already able to use their access to get into the databases of potentially hundreds of other companies.
Payroll provider Zellis, which is based in the UK, was a MOVEit user that was later breached. Zellis has confirmed that eight UK organizations have had their data stolen as a result, including home addresses, social security numbers and, in some cases, bank details.
Not all companies have had the same data exposed.
Zellis customers that have been breached include the BBC, British Airways, Aer Lingus and Boots.