It's like a bottomless pit: in just one week, the CLOP group has leaked another 30 company names that are said to be victims of the attacks exploiting the MOVEit vulnerability. Now there are well over 80 victims, some of whom are prominent. Much of the data is already completely online.
The currently published list has now grown to 82 names. Most of the companies named are international and not based in Germany. The user base of MOVEit, the vulnerable data-exchange software, is smaller in Germany than was initially assumed weeks ago. Nevertheless, experts speak privately of a good 100 victims, most of whom do not appear in any list, not even in the CLOP group's.
82 victims already pilloried online
Compared with previous reports, the list keeps getting longer, but at the same time the list of non-payers is also getting longer. The group rages in a block of text that the companies are letting their customers down. For 30 companies, parts of their data packages are currently available for download on the dark web. In addition, there are more and more entries where the entire data set has been published. The supposedly stolen data of 20 companies can currently be found on the darknet.
A ratio of 50 non-payers to 82 victims would not be bad at all. However, there is probably a large unreported number of companies that paid immediately and therefore do not appear in the list at all. According to CLOP, companies such as Heidelberger Druckmaschinen AG, Shell, the Boston Globe, security software manufacturer NortonLifeLock, Sony, the auditors Ernst & Young and PWC, and the insurer Zurich did not pay. That is a good thing.
More and more companies are not paying
It's good to see that many companies are not willing to go along with the deal and pay. Because if CLOP already has the data, there is no guarantee that this data will not be resold. The damage to the companies only grows if they also pay money for it.
Background to the MOVEit vulnerability: After the vulnerability became known, many companies took their MOVEit environment offline to prevent unauthorized data access. Subsequent forensics revealed that at many companies, data had already been illicitly stolen via this critical vulnerability before the MOVEit environment was shut down.