Cl0p, the Russia-based cybercrime gang, has now started to expose victim organizations that have refused to negotiate over its demands. Apparently, the victims’ names have been exposed on its leak website, with Shell being the first company to be revealed.
Following the leak, Shell confirmed being affected by the MOVEit attack. In a statement published on Wednesday, the company clarified that the MFT software was “used by a small number of Shell employees and customers.”
“Some personal information relating to employees of the BG Group has been accessed without authorization,” it added.
Shell confirmed the incident only after the Cl0p hacking gang disclosed files allegedly taken from the company. The fact that the group made 23 archive files with the label "part1" public may indicate that they have access to more information.
Following this disclosure, the ransomware gang added that they did so because the company refused to negotiate.
However, it is not yet clear what information has been compromised, although the firm confirmed that it has informed those affected.
Moreover, toll-free phone numbers have been made available to employees in Malaysia, South Africa, Singapore, Philippines, UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and Netherlands, indicating that the affected individuals are more likely to be from these countries.
Since no file-encrypting software was used in the attack, Shell noted that "this was not a ransomware event" and that there is no proof that any other IT systems were impacted.
It is worth mentioning that this was not the first time that Shell has been targeted by the Cl0p group: in 2020 the threat actors targeted the company’s Accellion file transfer service. The company noted that during this hack the hackers stole personal and corporate data.
Other notable companies targeted by the latest MOVEit exploit include Siemens Energy, Schneider Electric, UCLA, and EY.
Some government organizations have also confirmed that they were impacted by the hack, while the ransomware group claims to have deleted all the data acquired from such entities.