{"id":25467,"date":"2023-06-07T08:30:53","date_gmt":"2023-06-07T12:30:53","guid":{"rendered":"http:\/\/worldjusticenews.com\/news\/?p=25467"},"modified":"2023-06-07T08:30:53","modified_gmt":"2023-06-07T12:30:53","slug":"bbc-ba-and-boots-issued-with-ultimatum-by-cyber-gang-clop","status":"publish","type":"post","link":"https:\/\/worldjusticenews.com\/news\/2023\/06\/07\/bbc-ba-and-boots-issued-with-ultimatum-by-cyber-gang-clop\/","title":{"rendered":"BBC, BA and Boots issued with ultimatum by cyber gang Clop"},"content":{"rendered":"<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\"><b class=\"ssrcss-hmf8ql-BoldText e5tfeyi3\">A prolific cyber crime gang thought to be based in Russia has issued an ultimatum to victims of a hack that has hit organisations around the world.<\/b><\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The Clop group posted a notice on the dark web warning firms affected by the MOVEit hack to email them before 14 June or stolen data will be published.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">More than 100,000 staff at the BBC, British Airways and Boots have been told payroll data may have been taken.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Employers are being urged not to pay up if the hackers demand a ransom.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"unordered-list-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<div class=\"ssrcss-1o5f7ft-BulletListContainer e5tfeyi0\">\n<ul role=\"list\">\n<li><a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/technology-65814104\" target=\"_blank\" rel=\"noopener\">BBC, BA and Boots among victims of mass payroll hack<\/a><\/li>\n<li><a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/technology-65820603\" target=\"_blank\" rel=\"noopener\">What action can those caught up in mass hacks take?<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Cyber security research previously suggested Clop could be responsible for the hack which was first announced last week.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The criminals found a way to break into a piece of popular business software called MOVEit and were then able to use that access to get into the databases of potentially hundreds of other companies.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Analysts at Microsoft said on Monday they believed Clop was to blame, based on the techniques used in the hack.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">It has now been confirmed in a long blog post written in broken English.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The post, seen by the BBC, reads: &#8220;This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit.&#8221;<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The post goes on to urge victim organisations to send an email to the gang to begin a negotiation on the crew&#8217;s darknet portal.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">This is an unusual tactic as normally ransom demands are emailed to victim organisations by the hackers, but here they are demanding that victims get in touch. This could be because Clop itself can&#8217;t keep up with the scale of the hack which is still being processed around the world.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;My take is that they just have so much data that it is difficult for them to get on top of it all. They&#8217;re betting that if you know then you will contact them,&#8221; says SOS Intelligence CEO Amir Had\u017eipasi\u0107.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">MOVEit is supplied by Progress Software in the US for many businesses to securely move files around company systems. Payroll services provider Zellis, which is based in the UK, was one of its users.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Zellis has confirmed that eight UK organisations have had data stolen as a result, including home addresses, national insurance numbers and, in some cases, bank details. Not all firms have had the same data exposed.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Zellis customers which has been breached include:<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"unordered-list-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<div class=\"ssrcss-1o5f7ft-BulletListContainer e5tfeyi0\">\n<ul role=\"list\">\n<li>BBC<\/li>\n<li>British Airways<\/li>\n<li>Aer Lingus<\/li>\n<li>Boots<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Nova Scotia Government and the University of Rochester is also warning staff that data may have been stolen through the MOVEit vulnerability.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Advice from experts is for individuals not to panic, and for organisations to carry out security checks issued by authorities like the Cyber Security and Infrastructure Authority in the US.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Clop claims on its leak site that it has deleted any data from government, city or police services.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;Do not worry, we erased your data you do not need to contact us. We have no interest to expose such information,&#8221; it reads.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">However, researchers say the criminals are not to be trusted.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;Clop&#8217;s claim to have deleted information relating to public sector organisations should be taken with a pinch of salt. If the information has monetary value or could be used for phishing, it&#8217;s unlikely that they will simply have disposed it,&#8221; said Brett Callow, threat researcher from Emsisoft.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Cyber security experts have long tracked the exploits of Clop, which is thought to be based in Russia as it mainly operates on Russian speaking forums.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Russia has long been accused of being a safe haven to ransomware gangs &#8211; which it denies.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">However, Clop runs as a &#8220;ransomware as a service&#8221; group, which means hackers can rent their tools to carry out attacks from anywhere.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">In 2021, alleged\u00a0<a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/twitter.com\/NPU_GOV_UA\/status\/1405080755722670080?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1405080755722670080%7Ctwgr%5Ec130a94df4fc342f2d34a15accf8310e257f2f5a%7Ctwcon%5Es1_&amp;ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fukraine-arrests-clop-ransomware-gang-members-seizes-servers%2F\" target=\"_blank\" rel=\"noopener\">Clop hackers were arrested in Ukraine<\/a>\u00a0in a joint operation between Ukraine, US and South Korea.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">At the time, authorities claimed to have taken down the group which they said was responsible for extorting $500m from victims around the world.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-11r1m41-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">But Clop has continued to be a persistent threat.<\/p>\n<p>Source: <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-65829726\" target=\"_blank\" rel=\"noopener\">bbc.co.uk<\/a><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\">A prolific cyber crime gang thought to be based in Russia has issued an ultimatum to victims of a hack that has hit organisations around the world. The Clop group posted a notice on the <a class=\"mh-excerpt-more\" href=\"https:\/\/worldjusticenews.com\/news\/2023\/06\/07\/bbc-ba-and-boots-issued-with-ultimatum-by-cyber-gang-clop\/\" title=\"BBC, BA and Boots issued with ultimatum by cyber gang Clop\">[&#8230;]<\/a><\/div>\n","protected":false},"author":1,"featured_media":25468,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[109,2,4],"tags":[2144,9502,5507,9501,5056,4835,2936,442],"class_list":{"0":"post-25467","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-headline","8":"category-news","9":"category-uk","10":"tag-bbc","11":"tag-boots","12":"tag-british-airways","13":"tag-clop","14":"tag-cyber-attack","15":"tag-cyber-crime","16":"tag-hacking","17":"tag-russia","18":"pmpro-has-access"},"_links":{"self":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/25467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/comments?post=25467"}],"version-history":[{"count":2,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/25467\/revisions"}],"predecessor-version":[{"id":25470,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/25467\/revisions\/25470"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media\/25468"}],"wp:attachment":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media?parent=25467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/categories?post=25467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/tags?post=25467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}