In what appears to be the result of failed ransom negotiations, the Clop ransomware group has now started leaking the data of victim organizations.
In a new series of posts, the group claims to reveal data from Johns Hopkins University, Honeywell, and TomTom, bringing the total to data leaks from 56 companies, organizations, and universities.
Johns Hopkins University confirmed the cyber attack last month, followed by Honeywell and GPS tech company TomTom.
The full extent of the leak has yet to be analyzed; the threat actors claim to have leaked sensitive data and files from the victims.
The Cyber Express previously reported on the Johns Hopkins University data breach, which the university acknowledged.
The university asked its students, staff, and faculty members to remain vigilant against the attack.
“Until we know more, we strongly urge all students, faculty, and staff—as well as dependents—to take immediate steps to protect your personal information as a precautionary measure,” read the notice from Johns Hopkins University.
Clop ransomware group leaks data of multiple companies involved in the MOVEit data breaches
The Clop ransomware group claims to have breached large-scale organizations. These organizations were previously targeted by the group, which was exploiting a critical vulnerability in the MOVEit file transfer software.
In this new announcement, the threat actor has shared the full list of victims whose data has been leaked in connection with the MOVEit vulnerability. The following are some high-profile organizations whose data has been revealed by the prolific threat actor.
- ARVATO.COM
- SCCU.COM
- AGILYSYS.COM
- KALEAERO.COM
- CONSOLENERGY.COM
- RADIUSGS.COM
- CLEARESULT.COM
- HONEYWELL.COM
- TGIDIRECT.COM
- NASCO.COM
- JACKENTERTAINMENT.COM
- AMCTHEATRES.COM
- SLB.COM
- GRIPA.ORG
- MOTHERSON.COM
- ASPENTECH.COM
- DISCOVERY.COM
- ROCHESTER.EDU
- YAKULT.COM.PH
- USG.EDU
- AMERICANNATIONAL.COM
- BCDTRAVEL.COM
- AUTOZONE.COM
- CROWE.COM
- RADISSONHOTELSAMERICAS.COM
- WESTAT.COM
- JPRMP.COM
- FMFCU.ORG
- JHU.EDU
- VISIONWARE.CA
- UMASSMED.EDU
- VRM.DE
- SMA.DE
- RICOHACUMEN.COM
- EMERSON.COM
- TOMTOM.COM
- BAM.COM.GT
- PIONEERELECTRONICS.COM
- RITEAID.COM
Exploring the spree of the Clop ransomware group
The ransomware group, prior to this data leak, claimed data breaches of several high-profile organizations, including Deloitte, Chuck E. Cheese, Maximus, and the Hallmark Channel.
The breach at Deloitte, a prominent multinational firm, has been confirmed, although specific details regarding the extent and nature of the data accessed have not been disclosed, according to CyberNews.
Clop’s attack on Deloitte is part of a concerning trend, with the ransomware group exploiting vulnerabilities in installations of the file-transfer tool MOVEit to target organizations.
Other notable accounting firms, such as PwC and Ernst and Young, have also fallen victim to similar attacks.
Government contractor Maximus, responsible for administering vital US programs like Medicaid and Medicare, revealed that Clop had accessed the personal information of up to 11 million individuals.
The compromised files may contain sensitive data, including social security numbers and protected health information.
As a result of this breach, Maximus anticipates incurring significant expenses, estimated at up to $15 million, for remediation efforts.
Both Chuck E. Cheese and the Hallmark Channel have been listed as victims on Clop’s leak site, although they have yet to issue any official statements about the breach.
Progress Software has since patched the vulnerabilities in its software, but the full extent of the impact and associated costs of the incident remain uncertain.
The legal proceedings will likely be protracted, stretching over months or even years before resolutions are reached.