A Russian-linked cybercriminal group believed to be behind the hacks affecting companies around the world has posted a message aimed at the victims.
In other words, businesses affected by the MOVEit hack were told to contact the Cl0p ransomware group by June 14th or face the consequences.
In a message posted on a dark web leak site accessible via the Tor browser, the Cl0p gang accused companies using Progress’s MOVEit Transfer product of exploiting a software vulnerability to gain access to their data. I’m telling you.
Unusual for an extortion request, and perhaps reflecting the potential for different companies to be affected by this flaw, the message asks affected companies to contact the extortionist.
Once contacted, negotiations will begin to determine the price of the stolen data deletion claim Cl0p. However, if no contact is made by June 14th, or if the ransom negotiations last too long, the data will begin to be published online.
Victims of the hack are believed to include the BBC, Aer Lingus, British Airways and the UK pharmacy chain Boots, all of which used the vulnerable MOVEit software to give Zellis a payroll management account. was entrusted with
Calling itself “FRIENDLY CLOP,” the hackers claim they have already erased all data related to government, city and police services because they “have no interest in releasing such information.”
Perhaps they are simply concerned about law enforcement being overly hostile…
Did you enjoy this article? Follow Graham Cluley on Twitter again Mastodon To read more of the exclusive content we post,