A Ransomware Attack is Hitting Schools, Businesses and Government Agencies. Here’s What You Should Know
A global cyberattack orchestrated by Russian cybercriminals has targeted numerous businesses, universities, and government agencies, leading to efforts to assess the extent of the data compromised.
While the full scope of the attack remains unknown, the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that several federal agencies experienced intrusions, and additional businesses could also be affected.
State agencies in Louisiana and Oregon reported that millions of individuals had their data compromised in a separate security breach. The Russian ransomware gang known as Clop has been associated with this broader hacking campaign, exploiting software vulnerabilities.
The true extent of the cyberattack is challenging to determine, as is often the case with such compromises. It typically takes weeks or even months to ascertain the level of intrusion and the data accessed.
Government agencies, including the Department of Energy, have taken immediate steps to mitigate the impact of the hack after learning of compromised records. State governments in Minnesota and Illinois have also been targeted.
Moreover, private companies have fallen victim to the attack, with Clop claiming responsibility for breaches affecting the BBC, British Airways, Aon, and The Boston Globe.
Academic institutions such as Johns Hopkins University and Georgia’s state-wide university system have also been affected, with potential theft of sensitive personal and financial information.
Clop, the ransomware gang behind the cyberattack, has a history of demanding large payments from victims before publishing hacked data.
The group claims to possess information on numerous companies and has requested that victims contact them for ransom negotiations. The sheer number of affected organizations may have overwhelmed the gang, leading to a change in their approach.
They stated on the dark web that they had erased all data belonging to government, city, and police services, assuring them that there was no need to contact the hackers.
The cyberattack exploited a vulnerability in MOVEit, widely used software for data transfer by companies and agencies.
The US company Progress Software, the developer of MOVEit, acknowledged the presence of a new vulnerability in the software that could be exploited by malicious actors. The company had issued warnings to customers about security flaws in the software prior to the attack.
Progress released two software patches to address the issue and provided remediation steps for affected entities.
While individuals should continue to follow standard cybersecurity precautions, such as using strong passwords, enabling two-factor authentication, and monitoring their credit scores and account activity, the primary responsibility for addressing this attack lies with businesses and government agencies.
The hackers’ primary focus is on ransom demands and creating doubts about the security of federal systems. CISA has ordered federal civilian agencies to update their MOVEit software, and Progress has taken steps to address the vulnerability.
However, the compromised nature of MOVEit makes it an attractive target for other threat actors, and the consequences of the data theft may become apparent in the coming months as the situation unfolds.
