More victims have emerged of a Russian-speaking cybercrime group whose recent spree includes stealing information from several federal U.S. agencies.

The BBC, Shell, Johns Hopkins Health Systems, British Airways, the state of Illinois, and the departments of motor vehicles of Oregon and Louisiana all appear to have had their files stolen, according to various news releases.

CL0P is an established ransomware group. Ransomware is a type of organized cybercrime in which hackers try to extort victims remotely, either by encrypting their data or by stealing files and threatening to publish them.

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that advises the nation on cyberattacks and helps protect federal networks, said that multiple agencies had been affected by CL0P’s recent spree. Only the Department of Energy has said so far that it is a victim.

CL0P appears to have struck gold by identifying a flaw in MOVEit, a computer program designed to help companies transfer files. Organizations using an outdated version of MOVEit are susceptible to an attack where CL0P can scoop up files.

In an apparent statement posted to its website on the dark web, CL0P wrote “WE ALSO WANT TO REMIND ALL COMPANY THAT IF YOU PUT DATA ON INTERNET WHERE DATA IS NOT PROTECT DO NOT BLAME US.”

The hackers have listed dozens of companies as victims on their website. NBC News was unable to confirm all of them, but many of the organizations named have released statements confirming their data was stolen, and other groups not listed on the website have identified themselves as victims.

The Louisiana Office of Motor Vehicles said it was a victim, and that it believes all Louisianans with a state-issued driver’s license, ID, or car registration have likely had their data exposed to the hackers.

The Oregon Department of Transportation said: “Individuals should assume information related to their active license or ID card information is part of this breach.”

“Shell is investigating to understand and manage any risks, and take appropriate action,” a spokesperson said. CL0P has listed a large number of files on its website, alleging they were stolen from Shell. NBC News was unable to immediately confirm their authenticity.

The BBC has been “impacted” by the hack, a spokesperson said in an emailed statement.

The head of the Illinois Department of Innovation & Technology said that workers there had “evicted” the hackers from state computers within three hours of learning of the attack.

The state of Missouri said “an investigation is ongoing” into the hack.

British Airways has “notified those colleagues whose personal information has been compromised,” a spokesperson said in an email.

Global accounting firm Ernst and Young is “manually and thoroughly investigating systems where data may have been accessed,” a spokesperson said.

There may be significantly more victims than the ones known so far. Wendi Whitmore, who leads a team that tracks ransomware groups for the cybersecurity company Palo Alto Networks, told NBC News Thursday that CL0P had likely stolen files from “at least hundreds, if not more,” of organizations.

Source: This article originally belongs to Nbcnews.com
