The Russia-linked cybercrime gang thought to be behind a hack that has impacted companies around the world has posted a message to its corporate victims.
In short, firms affected by the MOVEit hack are being told to contact the Cl0p ransomware group before June 14, or face the consequences.
In a message posted on its dark web leak site, accessible via the Tor browser, the Cl0p gang tells companies that use Progress’s MOVEit Transfer product that it exploited a vulnerability in the software to access data.
Unusually for an extortion demand, and perhaps reflecting the likelihood that a wide variety of companies may have been impacted by the flaw, the message asks that affected companies make contact with the extortionists.
Once contact has been made, Cl0p claims, negotiations will begin to determine a price for the deletion of the stolen data. However, if contact is not made before June 14, or if the ransom haggling lasts for too long, then the data will start to be published online.
Victims of the hack are believed to include the BBC, Aer Lingus, British Airways, and UK pharmacy chain Boots – all of whom had outsourced payroll management to Zellis, which used the vulnerable MOVEit software.
Signing off as “FRIENDLY CLOP,” the hackers claim that they have already erased all data relating to governments, cities, and police services, as the gang “has no interest to expose such information.”
More likely they are simply more worried about overly-antagonising law enforcement…
"More likely they are simply more worried about overly-antagonising law enforcement" – or perhaps that data is more valuable to them than money!