Back in May, the company MOVEit, a file transfer platform made by Progress Software, was compromised by a Russian ransomware operation called Cl0p. They used a vulnerability in Progress’s software that was unknown to exist at the time. Shortly after the attack was noticed, a patch was issued.
However, some users continued to be attacked because they didn’t install it.
The software is used by thousands of governments and financial institutions and hundreds of other public and private companies from around the world, and it’s been estimated that at least 455 organisations and over 23 MILLION individuals who were customers of MOVEit have had their information stolen.
Some of the organisations compromised include:
- Transport for London
- British Airways
- Aer Lingus
- Ernst & Young
- Northwest Mutual
- Pacific Premier Bank
- TransAmerica Life Insurance
- Bristol Myers Squibb
- Gen/Norton LifeLock
- Radisson Hotel
The majority of those organisations (73%) are based in the US, while the rest are international, with the most heavily impacted sectors being finance, professional services and educational institutions.
Cl0p is a type of ransomware that has been used in cyber attacks since 2019. Data stolen is published to a site on the dark web – a section of the worldwide web where cyber criminals sell and trade information without having to reveal themselves. The ransomware and website have been linked to FIN11, a financially motivated cyber crime operation that has been connected to both Russia and Ukraine and is believed to be part of a larger umbrella operation known as TA505.
What makes this attack so terrible is that many of the organisations compromised provide services to many other companies and government entities, which means it’s very likely their customers, patients, taxpayers and students were compromised by association.
And yes, you’re probably one of them.
The big question is, were you notified?
For some reason, this breach didn’t make mainstream headlines, but when a company is compromised, they are obligated to tell you if your data was stolen. However, if you haven’t been notified, it doesn’t mean you are in the clear.
Some organisations may still not be aware that they were exposed, or it’s possible that the notification slipped through your spam filters or is still making it’s way to you. Organising a letter or other notification for over 36 million people can take time.
What steps should you take now?
If you use the software:
- You need to ensure that all your passwords and PINs are changed ASAP,
- You must be on the lookout for any strange activity,
- Don’t use the same passwords and make sure they are at least 12 characters long, using uppercase and lowercase letters, as well as special characters and numbers.
- You should also ensure that MFA, or multifactor authentication, is turned on for all critical software applications and websites you use, such as Microsoft Office, QuickBooks, banking and payroll software, your credit card processor, etc.
To learn more about how vulnerable your business is to cyber attack or if there are any urgent actions you need to take, click here to book a FREE Cyber Security Risk Assessment with one of our experts.