Cyber Security News

Clop Ransomware Gang Attacks US Government and Organizations Globally

Russian cybercriminals known as Clop are believed to be responsible for global cyberattacks targeting several US federal government agencies and numerous companies and organizations in the US and the UK.

The attack in the US exploits a vulnerability in widely used software called MOVEit. Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), said “we are working urgently to understand impacts and ensure timely remediation” in a statement to CNN.

Hundreds of Companies and Organizations Potentially Impacted

A senior CISA official also told reporters that, apart from US government agencies, several hundred companies and organizations in the US could potentially be impacted by the hacking spree, as estimated by private experts.

In addition to the attacks in the US, the group has claimed that its far-reaching attacks have compromised employee data within UK companies and institutions, including the BBC and British Airways, as reported last week.

The Clop ransomware gang, who have identified themselves as the hackers of these UK organizations, have stated that they possess "information on hundreds of companies." In a dark web posting viewed by CNN, they set a deadline of June 14 for the victims in the UK to engage in ransom negotiations, warning that they would begin publishing data from the companies they claim to have hacked.

Clop Ransomware Gang Creates Critical Security Incident

The presence of an extortion threat further intensifies an already critical security incident, compelling tech firms, corporations, and government agencies across the United States, Canada, and the United Kingdom to respond with heightened urgency.

Clop, which is believed to be responsible for the US attacks, has a reputation for demanding multimillion-dollar ransoms. However, according to a senior official speaking in a background briefing to reporters, no ransom demands have been made of federal agencies.

The response from CISA coincides with the discovery of a second vulnerability in the software code exploited by the hackers, as reported by Progress Software, a US company actively working on a fix.

Ongoing Global Hacking Campaign

Confirming the severity of the ongoing global hacking campaign, a spokesperson from the Department of Energy informed CNN that multiple federal agencies, including the Department of Energy itself, have been breached.

On Thursday, agencies were prompt in denying any impact from the hacking. Both the Transportation Security Administration and the State Department stated that they were not victims of the hack. Meanwhile, the Department of Energy swiftly implemented measures to minimize the consequences of the breach upon discovering that records had been compromised.

A spokesperson from the department confirmed that they have informed Congress and are collaborating with law enforcement, CISA, and the affected entities to investigate the incident and mitigate the breach's impacts, as mentioned in their official statement.

The term "clop" originates from the Russian word "klop," which refers to a bed bug, an insect resembling Cimex that feeds on human blood during night-time, much like a mosquito. Notably, CLOP ransomware is characterized by the presence of the distinctive string "Don't Worry C|0P" within its ransom notes.

According to SOCRadar, CLOP ransomware can infect a computer through multiple methods, such as spam email attachments, trojans, URLs, cracks, unsecured Remote Desktop Protocol (RDP) connections, and malicious websites.

CISA urges users and organizations to review the MOVEit Transfer advisory, follow the mitigation steps, and apply the necessary updates when available.