US and British cybersecurity officials warned Wednesday that a Russian cyber-extortion gang's hack of a file-transfer program popular with corporations could have widespread global impact.
Photo Insert: Initial data-theft victims include the BBC, British Airways and Nova Scotia's government.
Initial data-theft victims include the BBC, British Airways and Nova Scotia's government, the Associated Press (AP) reported.
"This is potentially one of the most significant breaches of recent years," said Brett Callow, an analyst at the cybersecurity firm Emsisoft. "We'll have a better sense of how significant it is as more details emerge about the number and type of organizations impacted."
The Cl0p ransomware syndicate announced on its dark website late Tuesday that its victims -- who it suggests number in the hundreds -- had until June 14 to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online.
The exploited program, MOVEit, is widely used by businesses to securely share files. The parent company of its US maker, Progress Software, alerted customers to the breach on May 31 and issued a patch. B
ut cybersecurity researchers say scores if not hundreds of companies may by then have had sensitive data quietly exfiltrated.
"There are undoubtedly organizations who don't even know yet that they're affected," said Caitlin Condon, senior manager of security research at the cybersecurity firm Rapid7, noting that MOVEit is particularly popular in North America.
"We've seen a wide range of organizations affected by this attack across health care, financial services, technology, manufacturing, insurance, government, and more," Condon said via email, adding that more businesses can be expected to disclose data theft, particularly "as regulatory reporting requirements come into play."
Asked to confirm the identity of several reported victims, a Cl0p spokesperson responding to an email query said, "We have not yet examined company files as you can see on our site, we have given the opportunity to companies to decide their privacy before our actions," Mainichi Japan also reported.
Kommentare