Freely subscribe to our NEWSLETTER

“Clop, which has claimed responsibility for the attack, is an up-and-coming, tier 2 Ransomware as a Service (RaaS) that started the double-extortion technique in March 2020, whereby in addition to encrypting data and demanding a ransom from the victim, they also threatened to upload it online if their terms were not met. They are now favouring extortion over encryption and this attack looks like a case of triple extortion, whereby the attacker targets both the company whose data they have as well as its customers warning them of data exposure until payment is made.

This makes the exploitation of the MOVEit file transfer application particularly daunting as it suggests Clop will now sift through the data it has obtained from providers such as Zellis, a payroll and HR solutions provider in the UK, to gain maximum leverage over their customers and potentially their partners, seeing the attack penetrate deep within the supply chain. In the past Clop have taken over a month to analyse and orchestrate the extortion following data exfiltration so we can expect this to be a long-tail attack, with more victims coming to light over the next few weeks.

Zellis took swift remedial action in isolating the server hosting the MOVEit software, engaging an incident response team, and notifying those affected and the authorities but what the attack reveals is just how precarious the supply chain is and the need for organisations to assess supplier risks, limit the data their partners have, and to put in place procedures to deal with the aftermath of this form of attack.”