Reading Time: 4 minutes

MOVEit File CyberHack

28th June 2023

Categories: Tech News



Cybercriminals known as the Cl0p ransomware group, thought to be part of a Russian crime ring, have exploited a newly discovered flaw in the popular MOVEit file transfer software.

 

MOVEit is a third-party file-sharing tool, used as a managed file transfer (MFT) method of sending data between organisations securely and compliantly.

 

What is significant about this zero-day attack is that the transfer software was used by several blue-chip companies and organisations: Vodafone, Coca-Cola, Tesco, British Airways, BP, the Nova Scotia Government, Boots, Ofcom, and the BBC, to name but a few. What makes it worse still is that the breach involves stolen personal data about the employees of these companies and organisations.


Cl0p ransomware is considered a highly virulent and dangerous file-encrypting virus, which prevents users from accessing data, financial records, backups, emails, etc. Typically, when a company is infected with Cl0p, the attackers threaten to expose the stolen information on the dark web if the ransom is not paid by a certain time. To date, it is estimated that Cl0p has extorted more than $500 million from various organisations within the US alone.

 

Zellis, which provides human resource software and payroll services, was the first UK-based company to announce it had been a victim of the hack, which in turn led to its clients being breached. Zellis provides services to forty-two of the FTSE 100 companies.

01

How can Cl0p infect my computer?

There are many ways in which the virus can be introduced onto a network: hyperlinks, unprotected RDP, attachments, phishing emails, download links, and Trojans. Once the virus is on your network, it starts to overwrite and change system files, putting malicious files in their place. That’s when the hackers lock you out of your network and demand a ransom for the key, which only they hold. The danger is that even if you do pay, who is to say they will hand you back your network?

02

Zellis substantial claims for compensation

Zellis confirmed that it took immediate action and disconnected its server that uses the MOVEit software. It also engaged an external security incident response team to assist in the remediation of its systems. However, that type of expertise may not be enough for Zellis.

 

If you type the phrase ‘Zellis substantial claims for compensation’ into your Google search bar, you’ll find pages of lawyers across the UK, all looking to provide no-win, no-fee legal services to get you compensation from Zellis for their breach of personal information.

"If you have suffered a GDPR breach you may be entitled to claim compensation."

The fallout from this hack is far-ranging. More than any other hack suffered by a company so far, it has really brought home that it’s not just about reporting a breach to the ICO and paying a fine. There is a gathering sea change in the UK. Individuals are deeply concerned with how companies look after their personal data.

 

At every turn, companies are asking individuals for information: national insurance numbers, bank account details, card numbers, passwords, name of your first pet or school. These things identify us as individuals, and if your data falls into the hands of criminals, life could turn nasty very quickly.

 

It would seem that companies, if they do get hacked, need to be prepared not only for the disruption and the ICO fines, but also for legal action from individuals inside or outside the company.

03

Technical remediation steps

If your company has been affected through the MOVEit file transfer system, you should apply the new patch (June 9th) immediately, as described in the MOVEit Transfer Knowledge Base resources.

 

However, be advised: Progress Software (owners of the MOVEit software) have announced that there could be another vulnerability that could be exploited, one that gives users heightened privileges and otherwise unauthorised access to systems.

Conclusion

Every day your business is opening new doors and opportunities. Don’t let hackers in.

 

At CNC, we can help you to protect your business from the edge to the core. We can help you to build an accurate picture of your company’s IT cyber security, and make sure you have the necessary protection in place. Call us now on 01273 384 100 for more information or email sales@cnc-ltd.co.uk.


By Gary Jowett

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!