Quick Hits

Cl0p Cybercrime Gang Delivers Ultimatum After Payroll Breach

Experts and researchers warn individuals and organizations that the cybercrime group is not to be trusted in their demands.

Yesterday, a Russian cybercrime gang known as Cl0p delivered an ultimatum, with a deadline of June 14, to multiple companies that were targeted in a recent MOVEit zero-day attack.

In a notice posted on the Dark Web, the gang warns companies that were affected by the hack — which resulted in stolen payroll data from over 100,000 members of staff within the BBC, British Airways, and Boots — that if these firms do not email the group by the deadline, the private data will be published.

Other organizations that may have also been breached include Aer Lingus, an international airline, as well as the Nova Scotia government and the University of Rochester.

"This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit," stated a blog post allegedly made by Cl0p.

Analysts at Microsoft first believed it was likely that Cl0p was behind the attack based on the techniques used (breaking into the MOVEit software and using it to access internal databases), but have since confirmed this theory due to the language used in the gang's blog post.

Experts advise employers and individuals not to panic and not to pay any ransom demands, and advise organizations to carry out authorized security checks.