'Clop' hackers begin posting company names on dark web

Ransomware gang carries through its threat to reveal the names of the companies it claims to have hacked

BERLIN, GERMANY - JUNE 22: In this photo Illustration hands typing on a computer keyboard on June 22, 2016 in Berlin, Germany. (Photo Illustration by Thomas Trutschel/Photothek via Getty Images) *** Local Caption *** op27se-online-troll.jpg

The hacker gang Clop has posted profiles on the dark web of companies from which it claims to have stolen sensitive data. Getty Images

Matthew Davies author image
Matthew Davies
London
Jun 16, 2023
Powered by automated translation

The cybercrime gang Clop has posted the company profiles of dozens of businesses from whom it claims to have stolen data on the dark web.

The mass hack was revealed more than a week ago when Clop, which is thought to be based in Russia, warned that if negotiations were not entered into, it would begin releasing sensitive information, including staff members' personal details.

At the time, Clop did not reveal which companies had been targeted, although subsequently British Airways, the pharmacy chain Boots and the BBC informed their staff that their personal information may have been compromised, after a breach at their payroll provider, Zellis.

Read more
BA, Boots and BBC among companies given ultimatum over Clop ransomware attack

Now, the BBC claims that more than 26 organisations, including universities and banks, have had their company profiles posted on Clop's so-called leak site in an effort to increase the pressure on companies to pay ransoms.

US Federal Agencies

Clop was able to break into MOVEit, a piece of popular business software, from where they were able to target hundreds of companies and institutions around the world, including several federal agencies in the United States.

The US Cybersecurity and Infrastructure Security Agency (Cisa) said on Thursday that “as far as we know” Clop had been able to steal only data stored on MOVEit, and that further incursions into other parts of the federal network was not happening.

It is believed that a contractor at a US national laboratory and a radioactive waste storage site managed by the US Department of Energy (DoE) were among the victims.

“Upon learning that records from two DoE entities were compromised in the global cyberattack on the file-sharing software MOVEit transfer, DoE took immediate steps to prevent further exposure to the vulnerability,” a spokesperson for Cisa said.

Nonetheless, the list of potential victims seems to be growing, and now includes the oil company Shell, the government of Nova Scotia, the UK communications regulator Ofcom, the Minnesota Department of Education, and the Dutch campsite and recreation company Landal GreenParks.

In the UK, the communications firm Adare SEC said it had been hit by the MOVEit hack and that data had been stolen. The company sends digital communications and printed letters to customers on behalf of various businesses, including Legal and General Group, Aon and Allianz.

Updated: June 16, 2023, 9:32 AM
UKCyber crime
Editor's picks
More from the national