Cl0p Ransomware's Grand Move: Impacting 1,000 Orgs & 60 Million Individuals

A recent cyber attack conducted by the Cl0p ransomware group has reportedly impacted nearly 1,000 organizations and approximately 60 million individuals. The attack, known as the MOVEit campaign, has affected both directly and indirectly impacted entities. Some organizations and millions of individuals had their data compromised through a third-party provider, PBI, which offers research services to the pension and financial sectors. Cybersecurity firm Emsisoft identified 988 victims and about 59.2 million individuals as of August 24. Among the organizations potentially exposing data of over a million individuals are Maximus, Pôle Emploi, Louisiana Office of Motor Vehicles, and more. The attack's scale is confirmed by Resecurity, which reported 963 public and private sector organizations worldwide hit by the MOVEit hack on August 23.

The Cl0p ransomware group is estimated to potentially earn up to $100 million from this campaign and has started leaking data from victims that declined to pay the ransom. On August 14 and 15, the group leaked around 1 terabyte of data allegedly stolen from 16 victims, including UCLA, Siemens Energy, Cognizant, and cybersecurity firms Norton LifeLock and Netscout. The leaked data was distributed through surface web torrents, making it accessible to anyone. Over 80% of the affected organizations are located in the United States. The MOVEit campaign exploited a critical SQL injection vulnerability (CVE-2023-34362) in the MOVEit Transfer managed file transfer software, allowing unauthorized access to transferred files.