
Major Corporations Under Siege: Russian Cybercrime Collective Strikes Boots, British Airways, and BB

An international cybercrime collective, believed to originate from Russia, has recently targeted several major corporations, including British Airways, Boots, and the BBC, compromising the personal information of over 100,000 employees across these organisations. The group, known as Clop, orchestrated its attack through a vulnerability in a business infrastructure tool called MOVEit, software used to securely transfer files within internal networks. This vulnerability gave the group access to multiple victims in a single mass hack.

The group has not demanded a specific ransom amount. Instead, it has issued an ultimatum to the affected companies, requiring them to initiate negotiations by a specific date. If these companies fail to respond by the deadline, Clop threatens to publicly release the stolen data, which is suspected to include sensitive information such as names, addresses, National Insurance numbers, and bank details.

Clop's attack strategy is known as "doxware" and represents a shift from traditional ransomware tactics. Instead of merely encrypting data and demanding a ransom for its decryption, the group directly steals the data and threatens to publish it if their demands are not met. This approach is technically more challenging but has the advantage of preventing businesses from simply restoring their data from backups and ignoring the ransom demands.

This attack has affected a broader network of organisations beyond the ones directly targeted. Many of the affected companies outsourced their payroll services to a third-party company, Zellis, which was also hit. Zellis, which used the vulnerable MOVEit software, has admitted that eight of its customers were affected but did not disclose their names. Other Zellis clients include Jaguar Land Rover, Harrods, and Dyson, raising concerns that hundreds of companies using the MOVEit software may be at risk.

In the aftermath of the attack, the group claimed to have information on hundreds of companies but remained vague about the specifics of their exploit. The group also claims to have deleted any data stolen from government entities, stating that they have no interest in exposing such information, which is a common strategy among professional hacking groups to avoid unnecessary attention from law enforcement.

The MOVEit spokesperson has said that they are working with cybersecurity experts to investigate the issue and ensure appropriate response measures. They have also engaged with federal law enforcement and other agencies regarding the vulnerability. Despite these reassurances, experts caution that some of the targeted companies may succumb to the pressure and pay the ransom demands, potentially empowering the criminal group and perpetuating the cycle of such devastating attacks.
