Russian Hacker Group Strikes British Firms, Demands Ransom After Breach Affecting Thousands

Clop stole personal data from over 100,000 employees and claims to have attacked 100 more companies.

Renowned British organizations, including British Airways, Boots, and the BBC, have fallen victim to a brazen attack by the Russian-speaking cybercrime group, Clop.

The group has stolen the personal details of over 100,000 employees across these organizations, prompting an urgent ransom demand.

Hacker Group Relays Demand to UK Companies

The Guardian reports that the demand, which surfaced on Clop's dark website, has given the affected companies a deadline of 14 June to initiate ransom negotiations.

Failing to comply could result in the public release of the stolen data, which reportedly includes sensitive information such as names, addresses, national insurance numbers, and bank details.

Clop capitalized on a vulnerability in a business infrastructure component called MOVEit, utilized for secure file transfers within internal networks.

By exploiting this vulnerability, the group gained unauthorized access to multiple victims in a mass hack that has impacted six confirmed organizations.

While some of the affected organizations did not directly use the MOVEit software, they outsourced their payroll services to a third-party provider named Zellis, which was also targeted.

Hacker Group Threatens Hundred More Companies

The Guardian also reports that the hacker group claims to possess information on "hundreds" of companies. However, they remain tight-lipped about the specifics of their attack, referring to it vaguely as a "penetration testing service after the fact" in their post.

The demand further asserts that they are the only group conducting such attacks and reassures the victims that their data is secure.

Although the ransom demand does not specify a monetary sum, it insists on negotiating with the affected businesses. Clop also makes a curious claim of having deleted data obtained from state actors, stating, "Do not worry, we erased your data; you do not need to contact us. We have no interest in exposing such information."

Such gestures are common among professional hacking groups, aiming to extract maximum financial gain while minimizing the attention they attract from law enforcement agencies.

This threat represents an alarming escalation of conventional ransomware attacks and is categorized as "doxware." Unlike traditional ransomware that encrypts data and demands payment for decryption, doxware involves direct data theft with the threat of public exposure unless the ransom is paid.

Alarming Numbers

While it is strongly advised not to pay ransom demands to cyber criminals, there is a risk that some targeted companies may succumb to the pressure. This would only perpetuate this devastating criminal group's cycle of attacks.

It is crucial for affected companies to prioritize transparency and support their employees and customers, offering guidance on protecting themselves and recognizing potential attacks.

According to Surfshark data, it appears that a total of 41.6 million accounts were compromised during the initial three months of 2023. This figure represents a substantial decrease compared to the previous quarter's alarming 80.8 million compromised accounts.

To provide some context, in the fourth quarter of 2022, around ten accounts were leaked for every 1,000 individuals, whereas in the first quarter of 2023, that number dropped to a mere five accounts per 1,000 people.

Stay posted here at Tech Times.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.