Cl0p gang tells MOVEit hack victims to contact it before June 14, or else…

Cl0p gang tells MOVEit hack victims to contact it before June 14, or else...

The Russia-linked cybercrime gang thought to be behind a hack that has impacted companies around the world has posted a message to its corporate victims.

In short, firms affected by the MOVEit hack are being told to contact the Cl0p ransomware group before June 14, or face the consequences.

In a message posted on its dark web leak site, accessible via the Tor browser, the Cl0p gang tells companies that use Progress’s MOVEit Transfer product that it exploited a vulnerability in the software to access data.

Cl0p message
Part of the message posted on Cl0p’s leak website.

Unusually for an extortion demand, and perhaps reflecting the likelihood that a wide variety of companies may have been impacted by the flaw, the message asks that affected companies make contact with the extortionists.

Once contact has been made, negotiations will begin to determine a price for the deletion of the stolen data claim Cl0p. However, if contact is not made before June 14, or if the ransom haggling lasts for too long, then the data will start to be published online.

Victims of the hack are believed to include the BBC, Aer Lingus, British Airways, and UK pharmacy chain Boots – all of whom had outsourced payroll management to Zellis, which used the vulnerable MOVEit software.

Sign up to our free newsletter.
Security news, advice, and tips.

Signing itself off as “FRIENDLY CLOP,” the hackers claim that they have already erased all data relation to a governments, cities, and police services as it “has no interest to expose such information.”

More likely they are simply more worried about overly-antagonising law enforcement…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Cl0p gang tells MOVEit hack victims to contact it before June 14, or else…”

  1. Zhi Zhu

    "More likely they are simply more worried about overly-antagonising law enforcement" – or perhaps that data is more valuable to them than money!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.