A cybercriminal group, known as Clop ransomware, claims to have erased the sensitive personal data of up to 100,000 Nova Scotians that was in their possession. However, cybersecurity experts advise the province to be skeptical of this assertion.
According to the group, they conducted a hack on the MOVEit file-sharing system, affecting users globally, including the Nova Scotia government and British Airways. They recently published a statement on their website declaring that they have deleted all the data they had stolen from government entities, cities, and police services.
The note emphasized that they had no intention of exposing such information from these public organizations. On the other hand, the group has set a deadline of June 14 for private companies to contact them for ransom negotiations.
Despite Clop's seemingly benevolent gesture towards public institutions, cybersecurity experts caution the Nova Scotia government to maintain a state of vigilance. It is crucial for them to remain cautious and not let their guard down in light of this declaration.
“Clop’s claim to have deleted data belonging to public sector bodies should be assumed to be false,” said Brett Callow in an email. Callow is a Vancouver Island-based threat analyst with cybersecurity company Emsisoft.
“There is no reason for a criminal enterprise to simply delete information that may have value,” Callow said, adding that the data could be sold or traded, or used for phishing -- a type of email scam that induces people to reveal personal data.
“And even if they did delete it, that does not undo the breach.”
The government of Nova Scotia has disclosed that approximately 100,000 current and former employees in the public sector may have had their sensitive personal information compromised in a hack targeting the MOVEit software. Officials stated that the breach was detected last week and that the stolen data included social insurance numbers, addresses, and banking details.
“This is a criminal organization,” Khalehla Perrault said in an email. “We don’t consider them trustworthy, and we won’t be communicating with them.”
According to Lawrence Abrams, the owner, and editor-in-chief of cybersecurity news site bleepingcomputer.com, cybercriminals tend to target government, military, and healthcare organizations as it often leads to significant law enforcement operations. While gangs like Clop have targeted public entities before, they may intentionally avoid doing so. Abrams also warned that when hackers claim to have deleted stolen data, they might still sell or exploit it in the future.
Ian L. Paterson, the CEO of Vancouver-based cybersecurity company Plurilock, echoed Abrams' sentiment, suggesting that Clop aims for the largest possible payout while minimizing the risk of being apprehended. Paterson advised skepticism regarding the claims of data erasure. He commended the Nova Scotia government's transparency in communicating the breach to the public. Paterson viewed the incident as an opportunity for organizations and individuals to assess the security of their systems and data transmission to enhance their protection against cyber threats.
The Nova Scotia government stated that its investigation into the breach is ongoing, and affected individuals will be contacted once identified. Perrault advised potential victims to monitor their financial transactions, report any suspicious activity to their bank, and regularly check the government's dedicated website for updates on the breach.