Threat actors often exploit the vulnerabilities they find, which results in sensitive data being stolen. In this instance, a ransomware group found an opportunity in a security flaw in the MOVEit file transfer tool and has continued to exploit it, with an estimated millions of people affected.
Clop Ransomware Continues
Several sectors have already been affected by the exploitation of the security vulnerability in MOVEit, with approximately 140 victims and counting. Of the estimated number of impacted organizations, only ten have disclosed the number of affected users.
Even with just ten organizations providing numbers, the chain of cyber attacks has already affected more than 15.5 million people. The victims include US-based universities and public sector organizations, which combined come to 23 organizations, as mentioned by TechCrunch.
With the biggest number of victims, around 3.5 million Oregon driver's license holders have had their data stolen, followed by an estimated 2.7 million Genworth Finance clients. Six million Louisiana residents also add to the number of impacted people.
The California Public Employees' Retirement System also disclosed that around 770,000 of its users were among those that had their data stolen, along with 1.5 million more customers from Wilton Reassurance, an insurance provider.
According to ransomware expert Brett Callow, the biggest threat yet is the cyber attack on the National Student Clearinghouse. The US educational nonprofit works with 22,000 high schools and 3,600 colleges, all of which have thousands of students.
The US Department of Health and Human Resources is also part of the list. The organization's officials have already alerted Congress that over 100,000 people have had their data stolen. Even Siemens Energy confirmed that they were among the companies affected by the incident.
The Clop ransomware group has since leaked data, presumably after the victims failed to pay the ransom. Reports say that it has already added ten victims to its leak site this week, including banks, legal companies, and energy companies.
Clop Ransomware Group
The high-targeting ransomware group has been active for a couple of years now. Despite the arrest of six of its members, its operation is evidently still active. The hacker group had already extorted an estimated $500 million by November 2021.
With the recent chain of attacks, that amount could have already increased significantly. According to Trend Micro, Clop is a variant of the CryptoMix ransomware family. It is said to be operated by a Russian-speaking group.
It works as a ransomware-as-a-service (RaaS) operation. Its first victim was a pharmaceutical company back in April 2020, whose sensitive data it posted on its leak site after the company failed to pay the ransom.
It has since grown into a bigger hacker group that targets bigger organizations and companies such as SolarWinds and a maritime services giant in Singapore. The latter had its IT systems breached, resulting in the theft of classified proprietary commercial information and employee data.
As shown in recent reports, the Clop ransomware group has conducted its biggest cyber attack yet, with a chain of breaches after exploiting a vulnerability in a file transfer tool. More victims continue to be added to its numbers, with no sign of the hacker group stopping.