CL0P Ransomware Attack on MOVEit Transfer (2023) PDF

Summary

This document details the 2023 CL0P ransomware attack on Progress Software's MOVEit Transfer platform, which affected over 1000 companies. The attack was a significant supply chain attack, costing nearly $10 billion in damage.

Full Transcript

Overview: In 2023, members of the CL0P ransomware gang exploited a vulnerability in the MOVEit transfer software that allowed them to access data from over 1000 companies that used the MOVEit file transfer system. CL0P then used this stolen data to individually extort each company, threatening to le...

Overview: In 2023, members of the CL0P ransomware gang exploited a vulnerability in the MOVEit transfer software that allowed them to access data from over 1000 companies that used the MOVEit file transfer system. CL0P then used this stolen data to individually extort each company, threatening to leak each company’s sensitive data online if they did not pay a ransom by a particular date. Sequence of Events: In May 2023, CL0P began exploiting a previously unknown structured query language (SQL) injection vulnerability (CVE-2023-34362) in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer beginning. After leveraging this vulnerability to access and exfiltrate sensitive data from over 1000 companies, CL0P began to individually extort the companies that the data belonged to by threatening to leak the data online if they did not pay a ransom. The extortion continued for several months, with dozens of new victims showing up on CL0Ps ransomware data leak site each week. Because this attack involved access to a single platform which granted attackers access to data from hundreds of organizations, it was a “supply-chain” attack that ultimately ended up impacting most major U.S. companies as well as several in Europe and Canada. Impact: CL0P’s exploitation of the vulnerability in the MOVEit Transfer portal and subsequent extortion of victims was the largest supply-chain attack of 2023. In total, the attack was estimated to have cost nearly $10 billion in damage. Response and Aftermath: Progress Software, the company that produced MOVEit Transfer patched the vulnerability and worked with government and private incident response companies to investigate the hack. Because the data had already been accessed and exfiltrated before the company discovered the problem, though, there was little they could do to stop the downstream impacts of the attack.

Use Quizgecko on...
Browser
Browser