A widespread ransomware attack orchestrated by Russian cybercriminals has struck schools, businesses, and government agencies worldwide. The scale of the attack is still being assessed, but the US Cybersecurity and Infrastructure Security Agency (CISA) has reported intrusions in several federal agencies, with potential impact on numerous businesses. State agencies in Louisiana and Oregon also confirmed data breaches, leaving millions of individuals affected. This blog post provides an overview of the situation and offers essential information to stay informed and prepared.
Who Is Impacted?
The cyberattack has primarily targeted federal and state agencies, causing significant concerns. The Department of Energy has taken immediate action to mitigate the impact after discovering compromised records in two of its entities. Additional federal agencies have not yet confirmed any impacts. State governments in Minnesota and Illinois have also been affected. Moreover, the breach has extended to private companies, with the ransomware group known as Clop claiming responsibility for previous hacks on the BBC and British Airways. Companies like Aon and The Boston Globe have been listed as victims, and universities such as Johns Hopkins and Georgia’s state-wide university system have reported potential breaches.
Insights into the Cybercriminal Group:
Clop, the Russian ransomware gang behind the cybersecurity attack, is notorious for demanding multimillion-dollar ransoms from victims in exchange for not publishing their hacked data. The group claims to possess information on hundreds of companies and has even requested victims to contact them for ransom negotiations. Experts suggest that Clop’s unusual approach of asking victims to initiate contact indicates that they may be overwhelmed by the sheer number of impacted organizations. Notably, the group stated that they erased data from government, city, and police services and showed no intention of exposing such information.
How Did the Attack Happen?
The hackers exploited a vulnerability in MOVEit, widely used software for data transfer in companies and agencies. Progress Software, the US-based software manufacturer, confirmed the discovery of a new vulnerability that could be exploited by malicious actors. The company had issued security advisories to customers earlier, warning about the identified flaws and the potential for unauthorized access to systems.
Protective Measures and Response:
While individuals should maintain standard cybersecurity precautions like using strong passwords, enabling two-factor authentication, and staying vigilant against phishing attempts, the onus now lies on businesses and federal agencies. Robert Cattanach, a cybersecurity expert, emphasizes that the hackers are primarily focused on extorting compromised entities and casting doubt on the security of federal systems. CISA has directed all federal civilian agencies to update their MOVEit software, and Progress Software has released patches and published remediation steps for affected entities. However, the vulnerability of MOVEit makes it an attractive target for other threat actors, potentially leading to further attacks.
The ransomware attack targeting schools, businesses, and government agencies demands immediate attention and precautionary measures. While the full extent of the damage is yet to be determined, it is crucial for organizations to address vulnerabilities promptly and enhance their cybersecurity measures. By staying informed and proactive, we can mitigate the risks associated with such cyber threats and protect our data and systems effectively.
Cyber-attacks are on the rise and cyber criminals are getting smarter and more creative all the time. The insurance professionals at Swarts Manning are well versed in cyber insurance and can help you make sure your business is protected from cyber-attacks.
Click here to submit a Quote Request
If we have had the pleasure of working with you, we would love for you to leave a review on Google. Your honest thoughts help us improve and grow, and allow potential customers to get a better understanding of what we have to offer. Thank you in advance for your time and support!
Korn, J. (2023, June 16). A ransomware attack is hitting schools, businesses and government agencies. Here’s what you should know. CNN.