Clop ransomware: Breached companies via GoAnywhere MFT zero-day

The gang behind the Clop ransomware has begun extorting companies whose data was stolen through a zero-day vulnerability in the Fortra GoAnywhere MFT file-sharing solution.

The Clop ransomware gang, responsible for the GoAnywhere breaches, told BleepingComputer that it had already stolen data from over 130 organizations. BleepingComputer could not independently confirm Clop’s claims. The gang used the zero-day vulnerability in Fortra’s GoAnywhere MFT file-sharing platform to steal the data of 139,493 customers.

What is GoAnywhere?

GoAnywhere is a secure file transfer solution. It allows companies to securely exchange encrypted files with their partners. The service keeps detailed logs about who accessed the files.

In cybersecurity, the term “zero-day” refers to a situation where security teams have no prior knowledge of a software vulnerability, leaving them with “zero” days to develop a security patch or an update to rectify the problem.

The day after the GoAnywhere patch was released, the Clop ransomware gang contacted BleepingComputer and said it was behind the attacks that exploited the vulnerability.

Clop ransomware causing damage

In December 2020, Clop used the same tactics by exploiting a zero-day vulnerability in Accellion’s file transfer appliance (FTA) system to pilfer data from global companies.

The Accellion FTA attacks caused widespread damage, with numerous organizations disclosing related breaches, including major financier Morgan Stanley, tech firm Qualys, energy giant Shell, and supermarket giant Kroger.

The Clop ransomware gang began extorting victims of the GoAnywhere attacks by adding seven new companies to its data leak site.

Multiple universities worldwide were also affected, including Stanford Medicine, the University of Colorado, the University of Miami, and the University of California.

About the Author:

FirstHackersNews- Identifies Security
