U.S. Federal Agencies Affected by ‘One of Largest Theft and Extortion Attacks’

A global cyberattack affected U.S. federal agencies and allies, including a number of NATO member countries, forcing government officials to work tirelessly to limit its impact.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed in a statement on Thursday that they are assisting federal agencies “that have experienced intrusions affecting their [file transfer] applications.”

“We are working urgently to understand impacts and ensure timely remediation,” the statement continued.

Anne Neuberger, deputy national security advisor for cyber and emerging technology for the National Security Council, said that the hackers “compromised a vulnerability in a widely used software” that companies worldwide use “to move large files.”

“They’ve started releasing some of the data that was stolen as part of their work to extort these companies,” Neuberger said. “We strongly encourage anyone who was a user of the software to, of course, patch, lock down their systems.”

An expert declared that this attack is one of the largest theft and extortion attacks in recent times, citing Johns Hopkins University, The University of Georgia, the BBC and British Airways as victims.

CISA Director Jen Easterly identified the culprits of the attack as a Russian-backed ransomware gang called “CLOP.”

“They’re basically taking data and looking to extort it,” Easterly said.

Brett Callow, a cyber threat analyst with Emsisoft, said that 47 victims of the attack have been confirmed as of the time of this writing. He added that “hundreds of organizations have been impacted,” according to CLOP themselves.

Callow also noted that “a number of as yet unidentified U.S. government agencies” had fallen victim to the attack as well.

According to CISA, many of the federal organizations affected by the attack had patched the vulnerability before the ransomware gang was able to intrude.

CLOP ransomware works by taking advantage of a vulnerability in “MOVEit Transfer,” a software program that many large organizations use to transfer large files over the internet. The vulnerability allows CLOP to steal sensitive data and hold it for ransom.

CBS News reached out to the FBI for comment on this situation, but they declined. However, they suggested organizations implement recommended measures to protect against future ransomware attacks and report any suspicious activity to local FBI offices and CISA.

Story via CBS News
