Cyber Security
What’s Up With The World Wide Ransomware Attacks?
By TechDogs Bureau
Updated on Mon, Jul 3, 2023
Share
ATTACK!
There’s no need to duck but you need to be careful as cyber attackers are operating in full swing!
Businesses, schools, universities, government agencies and even individuals have been the latest target of cybercriminals through ransomware.
It’s an extensive and complex issue in cyber security circles; in fact, its entire scope is yet unknown.
Robert Cattanach, a cybersecurity specialist and partner at the law firm Dorsey & Whitney (and a former trial lawyer for the Department of Justice) said, “Nobody knows the full extent of this, and that’s the way these cyber compromises work … Once you’re compromised, there begins an arduous process of ‘how far in did they get in?’ and ‘what did they take?’ That’s typically weeks, and sometimes months.”
Let’s dig in deeper.
WHO IS DOING IT?
The ruling theory is that the ransomware attacks are conducted by a Russian gang called Clop, which demands multimillion-dollar payments before publishing hacked data.
According to CNN, the gang claims to have “information on hundreds of companies” and according to cybersecurity experts, since the gang is listing its victims and asking them to initiate contact shows that they are “overwhelmed” by the number of victims.
Interestingly, though, regarding federal agencies, Clop simply posted, “If you are a government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”
HOW IS IT HAPPENING?
Quite simply, Clop exploited a security weakness or vulnerability in MOVEit, a software used by many entities and individuals to transfer data.
Progress Software, the maker of MOVEit, even warned its customers in early June about the vulnerability. After the list of vulnerabilities was discoveries, it led to a range of security patches being released.
WHO HAS BEEN AFFECTED?
As of 29th June, it’s reported that there are over 140 victims, but the count is still increasing.
Affected agencies include The Department of Energy, Minnesota and Illinois state governments, US Department of Health and Human Services (HHS), the Nova Scotia government and more.
Businesses, organizationsand IT companies include Extreme Networks, Gen/NortonLifeLock, PricewaterhouseCoopers, Ernst & Young, Schneider Electric, Nuance, Sony, Cognizant, BBC, British Airways, Siemens Energy, Boots, Zellis, The University of California–Los Angeles (UCLA), Johns Hopkins University, Georgia University and more.
Moreover, 15.5 million individuals and their personal data, including roughly 3.5 million Oregon driver’s license holders, 6 million Louisiana residents, 2.6 million Genworth Finance clients, etc. are affected.
While the number of victims increases, Eric Goldstein, Executive Assistant Director for Cybersecurity at the US Cybersecurity and Infrastructure Security Agency (CISA) said, CISA “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” and added, “We are working urgently to understand impacts and ensure timely remediation.”
Do you think MOVEit should be held responsible for software defects leading to the wide-scale attacks? Should organizations and agencies use additional security measures? Let us know in the comments below!
First published on Mon, Jul 3, 2023
Enjoyed what you've read so far? Great news - there's more to explore!
Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.
Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.
Dive into TechDogs' treasure trove today and Know Your World of technology!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.
Tags:
Related News on Cyber Security
Trellix Launches Xtend Global Channel Partner Program
Wed, Feb 8, 2023
By Business Wire
Kaspersky Exits US, Forcibly Switches Users To UltraAV
Wed, Sep 25, 2024
By TD NewsDesk
ExtraHop Presents Ratiodata With Gold Partner Status
Wed, May 10, 2023
By Business Wire
Seraphic Security Named As A 2023 SC Awards Finalist
Tue, May 23, 2023
By Business Wire
Related Events & Webinars on Cyber Security
Trending TD NewsDesk
Court Backs School's Punishment For Using AI But AI Research Keeps Unveiling New Insights
By TechDogs Bureau
Business Spend On GenAI Jumps 500% But Nearly Half Prefer Open-Source
By TechDogs Bureau
ZEEL And Telegram Crack Down On Piracy While Young Users Embrace It
By TechDogs Bureau
750,000 French Patients’ Data Leaked While Advertisers Sell Data Of US Military Workers
By TechDogs Bureau
Australia Introduces Bill To Ban Social Media For Under-16s
By TechDogs Bureau
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion