A ransomware gang known as Clop, which is reportedly linked to Russia, has recently unveiled a list of victims targeted in a series of mass hacks, according to a report by TechCrunch.

The group took advantage of a critical security vulnerability present in MOVEit Transfer, a widely used corporate file transfer tool, starting in late May. Progress Software, the developer of MOVEit, managed to fix the flaw, but not before several of its customers fell victim to the attack.

While the precise number of victims remains uncertain, Clop has already released an initial list of organizations it claims to have hacked by exploiting the MOVEit flaw. 

Dark Web Leak Site

The list was published on Clop's dark web leak site and included prominent financial institutions like 1st Source and First National Bankers Bank, investment management firm Putnam Investments based in Boston, Landal Greenparks from the Netherlands, and the UK's energy giant Shell.

GreenShield Canada, a non-profit organization providing benefits, was initially listed among the leaked victims but was subsequently removed. 

Additional entities affected by the attack include Datasite, a financial software provider; The National Student Clearinghouse, an educational non-profit; United Healthcare Student Resources, a student health insurance provider; Leggett & Platt, an American manufacturer; ÖKK, a Swiss insurance company, and the University System of Georgia (USG).

A spokesperson from USG, who requested anonymity, informed TechCrunch that the university is presently assessing the scale and seriousness of the potential data exposure. If necessary, the university will adhere to federal and state regulations and issue appropriate notifications.

Florian Pitzinger, the spokesperson for German engineering firm Heidelberg, acknowledged the incident involving their supplier software mentioned on Clop's Tor website. Pitzinger stated that the incident occurred a few weeks ago and was promptly addressed, resulting in no data breach.

Clop deviated from its usual approach by posting a blackmail message on its dark web leak site instead of directly contacting the hacked organizations for ransom payments. Victims were instructed to establish contact before the June 14 deadline.

Read Also: DOJ Hunts Alleged Russian Ransomware Hacker by Offering $10 Million Reward

Significant Amount of Stolen Data

Although no stolen data has been publicly released, Clop has informed victims that a significant amount of their data has already been obtained.

More victims are emerging, including organizations like the BBC, Aer Lingus, and British Airways, which disclosed prior compromises due to their reliance on Zellis' MOVEit system for HR and payroll. 

The Government of Nova Scotia, using MOVEit for interdepartmental file sharing, confirmed the potential compromise of citizens' personal information. Clop claims to have erased all data for government, city, and police services.

Johns Hopkins University's recent cybersecurity incident is believed to be linked to the MOVEit mass-hack, potentially exposing sensitive personal and financial information.

Ofcom, the communications regulator in the UK, confirmed the compromise of confidential information in the MOVEit mass-hack. This includes data from companies under its supervision and the personal information of 412 Ofcom employees. 

Thousands of discoverable MOVEit servers, mainly in the US, indicate more victims to be revealed soon. Researchers found evidence of Clop exploiting the MOVEit vulnerability since 2021, experimenting with methods to exploit it for nearly two years. 

Related Article: Fastest Ransomware Identified by Check Point; Here's How Rorschach Works