Clop Ransomware attacks have targeted a growing number of corporations, institutions, and government agencies worldwide. These attacks, initiated by Russian cyber thieves, have compelled the affected entities to assess the extent of data theft meticulously.
Clop ransomware group, which operates out of Russia, is famous for threatening to reveal stolen material and demanding multimillion-dollar payments from victims. They asked victims to get in touch with them for ransom talks and claimed to have knowledge of several different businesses. On their dark web website, they have also begun adding the names of additional hacking victims.
Officials at the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that “several federal agencies… have experienced intrusions” and suggested that a number of businesses might potentially be hit, even though the entire extent of the assault is yet unclear.
A huge data breach that affected millions of people in Louisiana and Oregon was uncovered by state authorities. Federal authorities connected the attack to a larger hacking attempt that was directed by a Russian group known as Clop and used the same software vulnerabilities, although no attackers were identified.
According to CNN, Robert Cattanach, a cybersecurity specialist and former Department of Justice trial attorney at Dorsey & Whitney:
“Nobody knows the full extent of this, and that’s the way these cyber compromises work. Once you’re compromised, there begins an arduous process of ‘how far in did they get in?’ and ‘what did they take?’ That’s typically weeks, and sometimes months.”
The 62 known attacks on educational facilities each represent a number of different institutions. Thus, it shows quite a lot of educational institutions, as well as kids, teachers, and other educational staff may have been compromised.
The Outcomes of The Clop Ransomware Attacks
The federal agencies, state agencies, and educational institutions have been the main targets of the cyberattack. The agency of Energy said that it promptly reduced the effects of the attack after learning that documents from two entities inside the agency had been hacked. Other government agencies have not yet confirmed any impact.
The state governments of Illinois and Minnesota have been impacted by the cyberattack. State officials report that an additional 3.5 million Oregon residents with driver’s licences or state ID cards, along with anyone in Louisiana holding equivalent identification, have also been affected by the breach.
Clop has previously taken responsibility for a hack exploiting vulnerability in Microsoft’s Papercut. Subsequently, Microsoft has officially acknowledged experiencing a cybersecurity incident.
The academic community has been affected by the hacking campaign. According to a statement released by Baltimore-based Johns Hopkins University and its renowned health system, the attacker may have stolen “sensitive personal and financial information” including medical billing data.
Ransomware can target anybody, including people, companies, hospitals, and now even school systems. Schools frequently lack strong defences, leaving them more vulnerable to cyberattacks than banks since they have outdated IT systems and little training. The risk is further increased by kids who use computers in schools.
The hackers exploited a vulnerability in MOVEit, a data transfer programme that is often used by businesses and government organisations. The American firm Progress Software disclosed a recently found vulnerability that might “potentially be exploited by ill-intended actors.”
Since early June, the firm has been alerting consumers about security vulnerabilities that might allow hackers to access networks without authorization. The corporation has been notifying clients about these security risks for weeks.
Recommendations
Companies must decide whether to pay the demanded ransom when they fall victim to a ransomware attack. The cost of compliance with such demands might be in the tens of thousands or much more. Usually, choosing not to pay results in the loss of the affected data.
In general, law enforcement agencies advise businesses against paying because doing so encourages criminals and increases the chances of more attacks.
Experts often advise people to use strong passwords, enable two-factor authentication, and keep a close eye on their credit scores, account activity, and any phishing attempts in order to follow best practices for cybersecurity.
CISA issued a directive urging all federal civilian entities to upgrade their MOVEit software in response to the most recent attack. Because of its vulnerability, MOVEit is a desirable target for criminals looking to destabilise society. Experts also warned that third parties may now have the software code required to execute similar attacks.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology (none of which can spot 100% of phishing emails), you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.
