What we know about the MOVEit attack – the future of cybercrime

Did you know that a series of cyberattacks orchestrated by a ransomware gang is believed to have targeted over 140 organizations and compromised the personal data of more than 15.5 million individuals worldwide?

The MOVEit hack is not only one of the scariest cyberattacks the world has ever seen, but it also provides a rather troubling glimpse into the future of cybercrime. A significant number of financial institutions, technology giants, and government agencies have been impacted by the hack, though the actual number of victims is expected to increase as experts are still trying to determine the full extent of the data breaches.

So, what is the MOVEit cyberattack and who’s behind it? Let’s find out. 


What is MOVEit?

MOVEit is a popular Managed File Transfer (MFT) application that encrypts files, allows secure collaboration, and provides automated file transfers for sensitive data. It was produced by a Massachusetts-based technology company, Progress, and has thousands of clients around the world.


Who was behind the cyberattack?

The notorious cybercriminal gang Cl0p, also known as CLOP and TA505, has taken credit for the mass attacks. The criminal group is believed to be based in Russia and has been linked to similar attacks in the recent past. 

However, unlike other ransomware actors, the hacking organization is using a slightly different business model. Instead of simply using malicious software to encrypt the systems and demanding a ransom to decrypt them, the gang has stolen internal data from computer systems. Cl0p has demanded that victims pay money to stop their personal data from being published online.

It is also pertinent to mention that while Cl0p is linked to Russia, there are no indications that the group has ties with the Russian government. Analysts believe the hackers targeted US federal agencies to extort money rather than blackmail them.


How did the hackers get in?

In May 2023, the Cl0p hackers discovered a previously unknown vulnerability, or “zero-day” flaw, in the MOVEit program and exploited it to steal sensitive data from the organizations and third-party vendors that used the popular tool. Although Progress identified the vulnerability in its system shortly after the cyberattacks began and patched the security flaw, the damage had already been done.

After the first batch of its victims started coming forward, Cl0p decided to address them by posting a message on its dark web page.

“This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit,” the hackers said. “We have information on hundreds of companies so our discussion will work very simple.”

The deadline for the extortion payment is June 21, 2023. However, it is unclear if any of the victims have met the demands put forth by Cl0p. 


Who has been hacked?

Cybersecurity threat analyst Brett Callow has identified 148 companies that have been impacted by the MOVEit attack – and the list continues to grow at an alarming rate.

So far, the cyberattacks have affected approximately 6 million Louisiana residents, 3.5 million Oregon driver’s license holders, between 2.5 and 2.7 million clients of Virginia-based Genworth Finance, 1.5 million customers of New York-based Wilton Reassurance, 770,000 members of the California Public Employees’ Retirement System, half a million customers of Talcott Resolution, over 170,000 beneficiaries of the Tennessee Consolidated Retirement System, and more than 2,000 staff members at Dublin Airport.

The other victims include the U.S. Department of Health and Human Services, the New York City Department of Education, the Nova Scotia government, Siemens Energy, Sony, Shell, CalPERS, Schneider Electric, BBC, British Airways, pharmaceutical business AbbVie, major accounting firms EY and PwC, and multinational law firm Kirkland & Ellis.

In addition, the University of California, Los Angeles (UCLA) is also a possible victim of the MOVEit ransomware attack. 


A $10 million reward

The US Department of State’s Rewards for Justice Program, which offers rewards for information that supports national security objectives, is offering up to $10 million for any tips that lead to Cl0p.


What does the MOVEit hack say about the future of cybercrimes?

The cybercriminal group behind the recent MOVEit hacks appears to have taken a different approach to targeting its victims: instead of launching a ransomware attack against a single organization, it executed a large-scale assault on a third-party provider and waited to gain access to the confidential data of millions of individuals.

Many cybersecurity experts believe Cl0p was influenced by the 2020 SolarWinds attack, where the hackers used a method known as a supply chain attack to insert malicious code into the Orion system used by SolarWinds, a major software company that provides technical services to thousands of organizations and government agencies around the world.

In the case of MOVEit, Cl0p took inspiration from the effectiveness of supply-chain attacks and directed the same approach at corporate entities. By leveraging this strategy, the group aimed to exploit vulnerabilities in the supply chains of its corporate victims.

To conclude, the MOVEit hack has stolen the data of millions of people around the world, leaving them susceptible to financial loss, identity theft, and emotional distress. While cybercrimes have become more sophisticated with time, it is important for individuals and companies to invest in premium cybersecurity tools for digital privacy.

This brings us to the end of our guide on the MOVEit cyberattacks. Stay connected with the PureVPN Blog for more information about the latest trends in cybersecurity.
