More victims have emerged of a Russian-speaking cybercrime group whose recent spree includes stealing information from several federal U.S. agencies, NBC News reported.
The BBC, Shell, Johns Hopkins Health System, British Airways, the state of Illinois, and the departments of motor vehicles of Oregon and Louisiana all appear to have had their files stolen, according to various news releases.
The group, CLOP, is an established ransomware group, a type of organized cybercrime where hackers try to remotely extort victims by either remotely encrypting their data or stealing and threatening to publish files.
On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that advises the nation on cyberattacks and helps protect federal networks, said that multiple agencies had been affected by CLOP’s recent spree. Only the Department of Energy has said so far that it is a victim.
According to NBC News, CLOP appears to have struck gold by identifying a flaw in MOVEit, a computer program designed to help companies transfer files. Organizations using an outdated version of MOVEit are susceptible to an attack where CLOP can scoop up files.
The Guardian reported that personal details of every holder of a driver’s license from the U.S. state of Louisiana were exposed to hackers who have pulled off a colossal cyber-attack that also affected American federal agencies, British Airways and the BBC, according to officials.
A statement on Thursday from the governor of Louisiana, John Bel Edwards, said that his staff believes everyone with a driver’s license, identification card or car registration issued by the state, which has more than 4.6 million residents, probably had their names, addresses, and social security numbers exposed to the hackers.
Other personal information to which the cyber-attackers apparently had access were Louisianans’ driver’s license numbers, vehicle registration data, handicap placard information, birthdates, heights and eye colors, Edwards’s statement said.
The number of records involved is thought to be about 6 million, Louisiana’s homeland security and emergency preparedness director, Casey Tingle, told reporters Friday.
According to The Guardian, British Airways last week confirmed that its staffers’ names, addresses, national insurance numbers and banking details were exposed because its payroll provider Zellis used MOVEit. The BBC said its staff had also been afflicted because Zellis was its payroll provider, though the broadcaster added that it did not believe banking details were compromised. The UK’s beauty and health company Boots said some of its team members’ information was also stolen.
CNN reported that hundreds of organizations across the globe have likely had their data exposed after the hackers used the flaw to break into networks in recent weeks. Multiple US federal agencies, including the Department of Energy, were breached. The US Office of Personnel Management was also impacted by the sweeping hack, multiple sources told CNN on Friday.
In my opinion, now would be a good time for companies and organizations who use MOVEit to stop using it. Find a more secure way to manage sensitive data by putting it in a place where it cannot be easily accessed by ne’er-do-wells.