The victims of a hack that has hit organisations around the world have been issued an ultimatum by a notorious cybercrime gang thought to be based in Russia, BBC News reports.
The Clop group posted a notice on the dark web warning those impacted by the MOVEit hack to email them before June 14 or they will publish stolen data.
More than 100,000 staff at the BBC, British Airways and Boots have been informed that their payroll data may have been taken.
Employers are reportedly being urged not to pay a ransom if the hackers demand one.
Cyber security research had already suggested that Clop could be responsible for the hack after it was announced last week.
The hackers broke into a popular piece of business software called MOVEit and were subsequently able to use it to access the databases of potentially hundreds of other companies.
On June 5, Microsoft analysts announced that they believed Clop was to blame, based on the techniques used in the hack.
That suspicion has now been confirmed in a long blog post written in broken English.
The dark web post was seen by the BBC. It reads, "This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit."
The post reportedly continues by urging victim organisations to send an email to the gang to open a negotiation on the crew's darknet portal.
This is considered an unusual tactic; ordinarily, ransom demands are emailed to victim organisations by the hackers, yet in this situation they are demanding that victims get in touch.
The change could reportedly have come about because Clop itself cannot keep up with the scale of the global hack, which is still being calculated.
MOVEit is supplied by Progress Software in the US for businesses to securely move files around company systems. UK-based payroll services provider Zellis was one of its users.
In the wake of the attack, Zellis has confirmed that eight organisations have had data stolen, including home addresses, national insurance numbers and, in some cases, bank details.
Currently, the following organisations have announced that they may have had data stolen:
- BBC
- British Airways
- Aer Lingus
- Boots
- Nova Scotia Government
- The University of Rochester
Experts have reportedly advised individuals not to panic and told organisations to carry out security checks issued by authorities such as the Cyber Security and Infrastructure Authority in the US.
On its leak site, Clop claims that it has deleted any data from government, city or police services.
"Do not worry, we erased your data you do not need to contact us. We have no interest to expose such information," it reads.
But researchers say the criminals cannot be trusted.
"Clop's claim to have deleted information relating to public sector organisations should be taken with a pinch of salt. If the information has monetary value or could be used for phishing, it's unlikely that they will simply have disposed of it," Brett Callow, a threat researcher from Emsisoft, told BBC News.
Cyber security experts have been tracking the antics of Clop for some time. The group is thought to be based in Russia as it primarily operates on Russian-speaking forums.
Russia has long been accused of being a safe haven for ransomware gangs, something it refutes.
Clop does, however, reportedly run as a "ransomware as a service" group, meaning hackers can rent their tools to carry out attacks from anywhere.
Alleged Clop hackers were arrested in Ukraine in a joint operation between Ukraine, the US and South Korea in 2021. At that time, authorities claimed to have taken down the group, which they said had extorted $500m from victims around the world.
Clop, however, has reportedly remained a persistent threat.
Source: BBC News
(Link and quotes via original reporting)