The US government has verified that a number of governmental institutions have been the target of Clop ransomware attacks that took advantage of a popular file transfer tool’s security flaw.
A senior CISA officer informed reporters later on Thursday, citing estimates from private analysts, that “several hundred” businesses and organizations in the US may also be impacted by the hacking campaign in addition to US government entities.
Over the lengthy Memorial Day holiday in the United States, the attacks began on May 27. The Clop ransomware group claimed to have stolen data from hundreds of businesses.
This week, Clop started using a data leak website to blackmail businesses by publishing their identities there and threatening to start releasing data if a ransom is not paid.
The claimed responsible ransomware gang, Clop, is known to demand multimillion-dollar ransoms. However, the senior official informed reporters at a background briefing that no demands for ransom have been made of federal agencies.
The US business Progress Software, which created the software used by the hackers, said it had found a second weakness in the system and was trying to remedy it when CISA responded.
“Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA). The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach,” a Department of Energy spokesperson told TechCrunch
According to CISA Director Jen Easterly, who told reporters that the intrusions had not had any “significant impacts” on federal civilian agencies, the hackers have been “largely opportunistic” in utilizing the software hole to access networks.
Need for having a skilled team for combatting E-commerce security threats?
The disclosure increases the number of victims of a massive cyber attack that started two weeks ago and has affected state governments and major US colleges. The cyber binge puts more pressure on federal officials who have promised to do something about the ransomware plague that has crippled local governments, hospitals, and schools across the US.
The program was initially created to collect data on terrorists posing a threat to American interests, but it has now grown to include data on cybercriminals like the Russian Sandworm hackers, the Evil Corp hacking gang, the REvil ransomware, and the Conti ransomware operation.
The US government offers up to a $10 million bounty for info on Clop ransomware
Yesterday, the Rewards for Justice program of the U.S. State Department offered a $10 million reward for information connecting the Clop ransomware assaults to a foreign government.
“Do you have any information tying the foreign government to the CL0P Ransomware Gang or any other criminal cyber actors attacking U.S. vital infrastructure? Send a tip to us. You might be qualified for a reward, the Rewards for Justice Twitter account stated.
MSP cybersecurity: What you should know
A U.S. Department of State program called Prizes of Justice (RFJ) pays prizes for information on threats and attacks that have an impact on American national security.
This new RFJ bounty was established in response to the Clop ransomware, which targeted businesses all over the world with data theft assaults by exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.
This week, Clop started using a data leak website to blackmail businesses by publishing their identities there and threatening to start releasing data if a ransom is not paid.
Featured image credit: Scott Webb on Unsplash
