Russian ransomware group reveals more victims of MOVEit mass hack

San Francisco, June 16

The Russia-linked ransomware group Clop, which exploited a critical security vulnerability in a popular corporate file transfer tool, has listed several other victims of its mass hack, that also include banks and universities, apart from federal government agencies.

On its website, the group called Clop listed US-based financial services organisations 1st Source and First National Bankers Bank; Boston-based investment management firm Putnam Investments; the Netherlands-based Landal Greenparks; and the UK-based energy giant Shell, among other victims, reports TechCrunch.

The ransomware gang exploited a security flaw in MOVEit Transfer, a tool used by corporations and enterprises to share large files over the internet.

Progress Software, which develops the MOVEit software, has patched the vulnerability.

The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications”, the agency’s Executive Assistant Director for Cybersecurity, Eric Goldstein, told CNN about the software impacted.

Other victims listed include financial software provider Datasite, educational non-profit National Student Clearinghouse, student health insurance provider United Healthcare Student Resources, US manufacturer Leggett & Platt and the University System of Georgia (USG), among others Clop contacts its victims to demand a ransom payment to decrypt or delete their stolen files.

The Government of Nova Scotia, which uses MOVEit to share files across departments, also confirmed it was affected.

Many more victims are expected to be revealed in the coming days and weeks, according to the report.

According to researchers, Clop may have been exploiting the MOVEit vulnerability as far back as 2021.