Rising Extortion Cases: The GoAnywhere Attack Targets More Victims

GoAnywhere attack: more and more extortion victims are becoming known

Russian Crimeware Gang Cl0p Goes on Ransomware Attack

In February, a notorious Russian gang known as Cl0p hit over 130 companies that use the file transfer service GoAnywhere MFT. A new report from TechCrunch reveals that the affected companies are spread across different industries, and the list of known victims is still growing.

The Cl0p gang, which is known for deploying ransomware, started demanding ransom payments from its victims in mid-March. It has been publishing a list of affected companies on the dark web, which includes many big names in the health sector.

Many of the affected companies have chosen to remain silent about the attack, but TechCrunch contacted some of the companies on the list and found that none denied using the file transfer service GoAnywhere MFT from Fortra. The service is believed to have been breached through a vulnerability in the administration access.

It appears that around 140 Fortra customers had left their admin access freely reachable from the internet, which made it possible for the Cl0p gang to exploit the vulnerability. It is unclear whether Fortra even knows which customers are affected.

The Canadian healthcare provider Homewood Health, the Swiss pharmaceutical company Galderma, the English foundation for affordable housing Guinness Partnership, the Colombian energy company Grupo Vanti, and the US financial institution Cornerstone Home Lending have all been affected by the attack.

The US call center operator ITx Companies, startup Brightline, and drug manager MedMinder are also among the victims. The Canadian metropolis Toronto and department store operator Saks Fifth Avenue have also admitted to being affected, although they claim that no internal data or population data has been released.

Community Health Services, one of the largest healthcare providers in the US, has been hit particularly hard by the attack. The health records of over a million Americans have fallen into the hands of the perpetrators. Hatch Bank and IT security specialist Rubrik have also disclosed the hack.

Hitachi Energy has reported a break-in, but claims it happened at Fortra. AvidXchange, a start-up that offers software for payment transactions, reports that it is only marginally affected. Meanwhile, criminals have started releasing data stolen from investment manager Onex.

The attack shows just how vulnerable companies can be to cyber threats, and how important it is to maintain proper security measures. Fortra and the affected companies will need to take the necessary steps to patch the security gap and ensure that they are protected in the future.
