Is the release of the data an indication that the negotiations with the victims failed?
Cl0p (Clop), the cybercriminal group responsible for the MOVEit Transfer cyberattack, has published data stolen from 56 organisations and universities. The stolen data package is one of the largest on the group's website.
Discovery, Honeywell, Radisson Americas by Choice Hotels, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University have all been named as victims.
Attackers shared screenshots of stolen data ranging from payrolls to corporate documents and confidential user information. Extortion groups frequently release samples of stolen data to compel victims to pay a ransom.
Part of the published data on the Clop website
So far, over 540 organisations have been confirmed to have been impacted by Clop attacks on MOVEit Transfer, and over 37 million people have been affected by a data breach. Experts are concerned that the group's success will encourage other cartels to employ Clop's tactics.
Among the victims of the Clop group are international behemoths such as the accounting firm Deloitte, the Chuck E. Cheese chain of children's entertainment centres and pizzerias, the government contractor Maximus, and the Hallmark Channel. Hackers claim to have successfully compromised company systems by exploiting a flaw in the file transfer software MOVEit Transfer. Deloitte joined PwC and Ernst & Young as the world's largest accounting firms to be impacted by the Clop group's actions.
Remember that the attack on the MOVEit Transfer service began on May 27, during the long Memorial Day weekend in the United States, when it was discovered that numerous organisations' data had been stolen. Microsoft Threat Intelligence experts initially suggested that Clop was part of this attack, but later, the ransomware itself went to popular media and claimed responsibility for what they had done.