What Happened
The US Department of State has announced a $10 million reward for information linking members of the Cl0p ransomware affiliate responsible for a recent data extortion campaign to a foreign government.
The reward seeks information on the Cl0p ransomware gang or any other malicious cyber actors targeting US critical infrastructure that may have ties to a foreign government.
What is Cl0p
Cl0p, an infamous ransomware gang, targeted users of the MOVEit managed file transfer service. The gang exploited a zero-day vulnerability to compromise data from hundreds of organizations.
Victims of the campaign include prominent brands like British Airways, Boots, and the BBC, along with several US government agencies. However, the government agencies have not been fully disclosed.
The Cl0p gang attempts to extort money from victims by threatening to leak stolen data. If victims refuse to pay, tens of thousands of US government workers will potentially have their personal information compromised.
Victim Response
The Cl0p ransomware attacks were opportunistic and not leveraged to gain broader access or steal specific high-value information, the CISA director, Jen Easterly, stated.
The impacted agencies have not been fully disclosed. However, the Department of Energy is among the confirmed victims, and additional agencies are expected to be revealed.
Cl0p claims that any stolen government data is promptly deleted. Still, concerns remain regarding the potential misuse of the compromised data or its acquisition by foreign governments.
Further Action
The Rewards for Justice (RFJ) program has evolved to address cybercrime threats. These include the Conti and REvil ransomware gangs and individual hackers associated with notable ransomware operations.
By encouraging tips, which can be submitted anonymously via the Tor SecureDrop server, the program aims to gather crucial information about threat actors like Cl0p, helping to mitigate future attacks and safeguard national security.