MOVEit attacks could yield up to US$100M in extortion payments

Findings from incident response firm Coveware.

Recent data extortion attacks that exploited a critical vulnerability in the MOVEit file transfer tool are likely to result in a payday as high as US$100 million for the cybercriminal group Clop, according to findings from incident response firm Coveware.


Clop, a Russian-speaking group, has claimed that if a victim company pays its demand, the group would not leak the victim’s stolen data on its darkweb site.


In a post Friday, Coveware suggested that the vast majority of victims impacted in the MOVEit campaign will refuse to pay Clop’s demands.


However, for the victim organizations that do pay, the extortion payment amounts could be substantial, according to the Coveware findings.


The company estimated that Clop will receive between US$75 million and US$100 million in the attacks, which are believed to have begun in late May.


“This is a dangerous and staggering sum of money for one, relatively small group to possess,” Coveware said in its report.


The MOVEit campaign windfall derives from “just a small handful of victims that succumbed to very high ransom payments,” the company said.


Managed file transfer tools, such as Progress’ MOVEit Transfer, enable the ingestion of large volumes of data that can then be moved from point to point, making them an appealing target for data thieves.


The widely exploited critical vulnerability in MOVEit (tracked as CVE-2023-34362) was reported by Progress on May 31.


There are now at least 383 known victims of the MOVEit attacks, with more than 20 million individuals impacted, according to tallies by Emsisoft threat analyst Brett Callow.


