Hacker gang Clop publishes victim names on dark web


The names and company profiles of dozens of victims of a global mass hack have been published by a cyber crime gang holding their stolen data to ransom.

On Wednesday, the hacker group Clop began posting names of firms to its website on the darknet.

Twenty-six organisations, including banks and universities, have been added to try to pressure victims into paying.

US federal bodies have also been targeted.

The US Cybersecurity and Infrastructure Security Agency told CNN it "is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications".

It is not known which agencies are affected or what data was stolen, but cyber authorities say they do not expect it to have a significant impact.

The mass hack is likely to have affected hundreds of organisations around the world, with around 50 so far confirmed either by the firms themselves or by the hackers.

On the hackers' so-called 'leak site' there are companies from the US, Germany, Belgium, Switzerland and Canada.

Oil giant Shell was posted on Wednesday and has since confirmed it is a victim.

The BBC is choosing not to name the other firms.

Ransomware gangs like Clop use their leak sites to "name and shame" victims into paying by posting company profiles. It is a well-trodden and often profitable process.

"Once Clop names companies to its data leak site, the group will start its rounds of negotiations with affected organisations, demanding ransom payments in order to avoid their data being breached," said Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest.

Mr Morgan says the hackers will hope that the victims make contact and set a deadline of how long they have before their data is made public.

Clop has been known to demand ransoms of hundreds of thousands, sometimes millions, of dollars, but police forces around the world discourage victims from paying as it fuels these criminal gangs.

The MOVEit hack was first disclosed on 31 May when US company Progress Software said hackers had found a way to break into its MOVEit Transfer tool.

MOVEit is software designed to move sensitive files securely and is popular around the world, with most of its customers in the US.

Progress Software said it alerted its customers as soon as the hack was discovered and quickly released a downloadable security update.

But the criminals were already able to use their access to get into the databases of potentially hundreds of other companies.

Payroll services provider Zellis, which is based in the UK, was a MOVEit user which was subsequently breached. Zellis has confirmed that eight UK organisations have had data stolen as a result, including home addresses, national insurance numbers and, in some cases, bank details.

Not all firms have had the same data exposed.

Zellis customers which have been breached include the BBC, British Airways, Aer Lingus and Boots.
