The CL0P (aka TA505) ransomware crew recently hit the state of Illinois computer systems, exploiting a flaw in the MOVEit Transfer file-sharing software to launch a wide-ranging cyber assault.
Illinois officials confirmed the May 31 cyberattack, which also hit the British Broadcasting Company (BBC), British Airways and the government of Nova Scotia, Canada, an Associated Press report said. A retail chain in the U.K. and the Walgreens pharmacy were also attacked, Crain’s Chicago Business reported.
Cybersecurity experts said that CL0P had been investigating targets and stealing data two months before the Illinois attack, the AP said.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) both pointed the finger at CL0P as responsible for the attacks.
CISA's Advice for CL0P Ransomware Victims
CISA issued a set of mitigations for organizations hit by the ransomware to protect themselves:
CL0P Gang Requests Ransoms
Managed service providers (MSPs) are a favorite target of the CL0P gang, which was responsible for 11% of attacks in 2022, according to a ConnectWise report. There is no word at this point on whether this attack has spread to service providers.
However, on its website, CL0P suggested that the attack could have spread to hundreds of organizations. The gang gave victims two weeks, until June 14, to negotiate a ransom or their data would appear on public websites.
In commenting on the TA505 attacks, CISA said:
“Considered to be one of the largest phishing and malspam distributors worldwide, TA505 is estimated to have compromised more than 3,000 U.S.-based organizations and 8,000 global organizations.”