Clop Gang Unleashes Mass-Hacks on U.S. Banks and Universities

A pervasive cybersecurity threat looms as Clop, the notorious ransomware gang, has been exploiting a critical security vulnerability in the MOVEit Transfer tool, a widely used corporate file sharing tool. The ripple effect of this security breach is massive, touching the shores of U.S. banks, universities, and even multinational corporations.

MOVEit Transfer has been a go-to tool for organizations to share substantial files over the internet. Its utility didn’t go unnoticed by the Russia-linked ransomware group. They’ve been leveraging a security flaw since late May, infiltrating various organizations before Progress Software, the developer behind MOVEit, managed to patch the vulnerability.

The gravity of the situation is yet to be fully grasped as the exact count of victims remains indeterminate. However, Clop has taken the audacious step of posting the first set of victims on their dark web leak site. The list includes U.S.-based financial services organizations 1st Source and First National Bankers Bank; Boston-based investment management firm Putnam Investments; the Netherlands-based Landal Greenparks; and U.K.-based energy giant Shell. Notably, GreenShield Canada was also listed but has since been removed.

Several other victims are on the Clop’s roster: educational non-profit National Student Clearinghouse, student health insurance provider United Healthcare Student Resources, American manufacturer Leggett & Platt, Swiss insurance company ÖKK, and the University System of Georgia (USG).

Representatives from the University System of Georgia shared with us that they are in the process of assessing the impact and severity of the potential data exposure. Meanwhile, German mechanical engineering company Heidelberg confirmed the incident but assured that prompt actions were taken, and no data breach occurred.

Unlike the typical ransomware modus operandi, Clop hasn’t directly contacted its victims to demand a ransom payment to decrypt or delete their stolen files. Instead, a blackmail message was posted on its dark web leak site urging victims to reach out before its June 14 deadline. At this point, no stolen data has surfaced, although Clop maintains that they have “downloaded alot [sic] of your data.”

As this cyber saga continues to unravel, fresh victims are stepping forward. Prominent entities like Johns Hopkins University and Ofcom, the U.K.’s communications regulator, have confirmed a cybersecurity incident, presumably connected to the MOVEit mass-hack. Personal and financial information, names, contact information, and health billing records may have been compromised.

Intriguingly, risk consulting firm Kroll posits that Clop might have been exploiting the MOVEit vulnerability as far back as 2021. The recent unveiling of this exploit points towards the sophisticated knowledge and meticulous planning underlying these mass cyberattack incidents.

Our digital landscapes are increasingly under threat. With ransomware gangs like Clop exploiting critical vulnerabilities in commonly used tools like MOVEit Transfer, businesses, big and small, must be on high alert. It is paramount for organizations to reinforce their cybersecurity frameworks and bolster defenses against such insidious cyber threats.

What are your thoughts on these recent cybersecurity incidents? How is your business taking steps to safeguard its digital assets? Share your insights in the comments below.