Clop gang: Russian hackers issue ‘dark web ultimatum’ to BBC, Boots and BA

A gang of cyber criminals, believed to originate from Russia, has targeted several high-profile British businesses, warning over 100,000 staff members that they plan to publish stolen data.

Well known on the dark web, the prolific Clop group posted a notice telling those who have been affected by the recent hack to email them before their set deadline of 14 June – or prepare for potentially devastating consequences.

The hackers have exploited the popular file transfer software called MOVEit used by payroll provider Zellis to gain access to employee information at the affected companies. This is now “casting a cloud over a growing number of UK firms and their staff”, Sky News said.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Microsoft analysts believe Clop is to blame having studied the techniques used in this most recent hack, and it has now been confirmed in a “long blog post written in broken English”, the BBC said.

The post said that the companies targeted in the hack should send an email to the gang “to begin a negotiation on the crew’s darknet portal”, the BBC added.

Who has been affected and how?

A number of well-known businesses have been impacted by the hack. Payroll data from British Airways, Boots, the BBC, Aer Lingus and others has been accessed.

One British Airways employee told the Daily Mirror they had woken up “to an email to find out all my details needed to steal my identity have been stolen from my company”.

The “UK’s leading payroll provider” Zellis said eight of its customers have been targeted by this “global issue”, City A.M. reported. The hack “may have exposed personal information including names, addresses and banking details”, the newspaper added.

Hackers have “exploited a backdoor in a piece of software used by Zellis called MOVEit”, said The Daily Telegraph, using this to harvest data from unsuspecting victims.

A spokesperson for Progress Software, the company that makes MOVEit, said: “Our customers have been, and will always be, our top priority. When we discovered this vulnerability we promptly launched an investigation, alerted customers of the issue, provided immediate mitigation steps, disabled web access to MOVEit Cloud, and developed a security patch to address the vulnerability within 48 hours.”

What can those who have been affected do?

“The important message to organisations right now is not to panic, to install the security patch and not to pay the criminals,” Professor Ciaran Martin, former head of the National Cyber Security Centre, told the BBC.

Businesses have also been urged to “be smart” and “disable any web traffic to the MOVEit program until they’re able to apply the patches”, Axios added, as fixes for the affected versions of the software have now been released.

But preparing for future attacks is widely considered by experts to be the next best course of action in helping to protect companies in a new era of online interaction.

Writing for the Financial Times, data protection expert Joanne Vengadesan said that a “response plan is critical”, and this could involve “running dummy attacks internally” to help businesses familiarise themselves with their responsibilities.

“A true team effort is required, as there are so many actions required for an attack to be spotted and managed as quickly as possible,” she added.

Are cyberattacks on the rise?

Put simply, yes. There has been a “38% increase in global attacks in 2022, compared to 2021”, Security magazine reported.

The situation has been compounded by the Ukraine war, with Russian hackers “at times deployed in combination with missile strikes”, said The Guardian. Ukraine has suffered a “threefold growth in cyber-attacks over the past year”, it reported. These attacks have often involved “destructive, disk-erasing wiper malware”, Viktor Zhora, from Ukraine’s SSSCIP agency, told the paper.

Ultimately, the war in Ukraine is a “turning point for cyberwarfare”, said Cristina Vanberghen for Politico. She suggested it could “mark the starting point of a new global order”, and drastically alter perspectives on national sovereignty.

Vanberghen added the ongoing conflict will mean countries must find new ways of responding to an “onslaught of cyber ‘confusion’ all over the world”.