In May, MOVEit, a file transfer platform developed by Progress Software, experienced a security breach perpetrated by a Russian ransomware group called Cl0p. The attackers exploited a previously unknown vulnerability in Progress’s software. Following the discovery of the breach, a patch was swiftly released. However, some users fell victim to subsequent attacks because they failed to install the patch.
MOVEit is a widely used software solution employed by governments, financial institutions, and hundreds of other public and private enterprises worldwide. It is estimated that at least 455 organizations, encompassing over 23 million individuals who were MOVEit customers, have had their data compromised.
Among the affected organizations are:
- The US Department of Energy
- New York City Department of Education
- Ernst & Young
- Northwestern Mutual
- Pacific Premier Bank
- TransAmerica Life Insurance
- Bristol Myers Squibb
- Gen/Norton LifeLock
- Radisson Hotel
- British Airways
Approximately 73% of these organizations are based in the United States, with the remainder being international entities. The sectors most heavily impacted include finance, professional services, and educational institutions.
Cl0p ransomware has been used in cyberattacks since 2019. Stolen data is typically published on the dark web, a hidden section of the internet where cybercriminals trade information anonymously. This ransomware and its associated website have been linked to FIN11, a financially motivated cybercrime operation believed to have ties to Russia and Ukraine, operating within a larger umbrella operation known as TA505.
This attack is particularly concerning because many affected organizations provide services to numerous other companies and government entities, raising the likelihood that their customers, patients, taxpayers, and students may have been indirectly affected by the breach. You may be among those impacted.
The important question is: Have you been notified?
Although the breach has not garnered widespread media attention, organizations must inform individuals if their data has been compromised in a breach. This notification can be sent via email or physical mail. However, due to spam filters and the scale of the breach, email delivery is not a foolproof way to ensure that an important message reaches its recipient. Preparing letters for over 36 million people can also be a time-consuming process.
If you are a user of this software, it is crucial to promptly change all your passwords and PINs. Ensure that your passwords are unique, at least 12 characters long, and incorporate a mix of uppercase and lowercase letters, special characters, and numbers.
Additionally, enable multifactor authentication (MFA) for all critical software applications and websites you use, including but not limited to Microsoft Office, QuickBooks, banking and payroll software, and your credit card processing tools.
If you are concerned about your company’s information being on the dark web, you can request a complimentary Dark Web Vulnerability Scan for your organization by clicking here (please note that this service is not available for individuals). Simply provide your domain name, and we will conduct the search free of charge. We will contact you privately to discuss the results. If you have any questions, please call us at 973-575-4950.