The recent attack, which commenced earlier this month, has the potential to become one of the largest cyberattacks in history. Its victims include various entities from the public and private sectors in the United States, United Kingdom, and other countries.
Reports suggest that Cl0p, the cybercriminal group behind the attack, claims to possess data from prominent organizations like Sony, as well as leading accountancy firms EY and PwC. In a statement, Cl0p warned that it possesses approximately 120GB of data from PwC, which it may release if its demands are not met.
However, Cl0p denies having any data from government agencies, emphasizing that its focus lies solely on exploiting private companies for financial gain. The group clarifies on its blog that it receives numerous emails regarding government data but promptly deletes such information, as its motivations are primarily monetary and not political.
Typically, ransomware groups deny possessing sensitive government information, especially if they believe that holding such data would invite closer scrutiny from law enforcement agencies.
Notable organizations affected by the security vulnerability in MOVEit Transfer, a widely used secure file transfer system, include British Airways, the BBC, and Boots. These entities informed their staff that their data may have been compromised following a breach of payroll platform Zellis, which is used by all three companies.
Cl0p denies having any data from Zellis. In an email exchange with the BBC, the group said that it does not possess the information and has notified Zellis about it. The group asserts its longstanding policy of truthfulness, stating that if it says it doesn't have certain data, it genuinely does not possess it.
The hackers allegedly set a deadline of 14 June for the affected companies to pay a ransom, or else their data would be exposed online. However, no information has been leaked thus far, raising the possibility that other cybercriminals may also be taking advantage of the MOVEit Transfer vulnerability.
The software vendor, Progress Software, disclosed the vulnerability on 31 May, but no other hacker group has publicly claimed responsibility for stealing data through this exploit.