Clop gang: Russian hackers issue ‘dark web ultimatum’ to BBC, Boots and BA
Affected companies urged to install security patches and not pay cyber criminals behind hack
A gang of cyber criminals, believed to originate from Russia, has targeted several high-profile British businesses, warning over 100,000 staff members that they plan to publish stolen data.
Well known on the dark web, the prolific Clop group posted a notice telling those who have been affected by the recent hack to email them before their set deadline of 14 June – or prepare for potentially devastating consequences.
The hackers exploited MOVEit, a popular file transfer program used by payroll provider Zellis, to gain access to employee information at the affected companies. This is now “casting a cloud over a growing number of UK firms and their staff”, Sky News said.
Microsoft analysts, having studied the techniques used in this most recent hack, believe Clop is to blame, and this has now been confirmed in a “long blog post written in broken English”, the BBC said.
The post said that the companies targeted in the hack should send an email to the gang “to begin a negotiation on the crew’s darknet portal”, the BBC added.
Who has been affected and how?
A number of well-known businesses have been impacted by the hack. Payroll data from British Airways, Boots, the BBC, Aer Lingus and others has been accessed.
One British Airways employee told the Daily Mirror they had woken up “to an email to find out all my details needed to steal my identity have been stolen from my company”.
The “UK’s leading payroll provider” Zellis said eight of its customers have been targeted by this “global issue”, City A.M. reported. The hack “may have exposed personal information including names, addresses and banking details”, the newspaper added.
Hackers have “exploited a backdoor in a piece of software used by Zellis called MOVEit”, said The Daily Telegraph, using this to harvest data from unsuspecting victims.
A spokesperson for Progress Software, the company that makes MOVEit, said: “Our customers have been, and will always be, our top priority. When we discovered this vulnerability we promptly launched an investigation, alerted customers of the issue, provided immediate mitigation steps, disabled web access to MOVEit Cloud, and developed a security patch to address the vulnerability within 48 hours.”
What can those who have been affected do?
“The important message to organisations right now is not to panic, to install the security patch and not to pay the criminals,” Professor Ciaran Martin, former head of the National Cyber Security Centre, told the BBC.
Businesses have also been urged to “be smart” and “disable any web traffic to the MOVEit program until they’re able to apply the patches”, Axios added, as fixes for the affected versions of the software have now been released.
But preparing for future attacks is widely considered by experts to be the next best course of action in helping to protect companies in a new era of online interaction.
Writing for the Financial Times, data protection expert Joanne Vengadesan said that a “response plan is critical”, and this could involve “running dummy attacks internally” to help businesses familiarise themselves with their responsibilities.
“A true team effort is required, as there are so many actions required for an attack to be spotted and managed as quickly as possible,” she added.
Are cyberattacks on the rise?
Put simply, yes. There has been a “38% increase in global attacks in 2022, compared to 2021”, Security magazine reported.
The situation has been compounded by the Ukraine war, with Russian hackers “at times deployed in combination with missile strikes”, said The Guardian. Ukraine has suffered a “threefold growth in cyber-attacks over the past year”, it reported. These attacks have often involved “destructive, disk-erasing wiper malware”, Viktor Zhora, from Ukraine’s SSSCIP agency, told the paper.
Ultimately, the war in Ukraine is a “turning point for cyberwarfare”, said Cristina Vanberghen for Politico. She suggested it could “mark the starting point of a new global order”, and drastically alter perspectives on national sovereignty.
Vanberghen added that the ongoing conflict will mean countries must find new ways of responding to an “onslaught of cyber ‘confusion’ all over the world”.
Rebekah Evans joined The Week as newsletter editor in 2023 and has written on subjects ranging from Ukraine and Afghanistan to fast fashion and "brotox". She started her career at Reach plc, where she cut her teeth on news, before pivoting into personal finance at the height of the pandemic and cost-of-living crisis. Social affairs is another of her passions, and she has interviewed people from across the world and from all walks of life. Rebekah completed an NCTJ with the Press Association and has written for publications including The Guardian, The Week magazine, the Press Association and local newspapers.