Hundreds of Companies Using the MOVEit File Service Lose Confidential Data to a Ransomware Attack
Table of Contents
- By Steven
- Published: Jun 12, 2023
- Last Updated: Jun 12, 2023
MOVEit, a massive global fire-sharing service provider, recently suffered a data breach that could impact 100's of corporations in the United States, Europe, and many other areas of the world. The file-transfer service provider is supposed to offer a secure transfer solution, and it appears that it may not be as secure as so many hoped. This breach is the result of a ransomware attack, and that attack could result in substantial losses for so many involved. If your company trusts the MOVEit file transfer solution, you should immediately start looking for things you can do to secure your information and patch the solution if you're going to continue using it.
How Did the Attack Occur?
We don't have the specific dates associated with this attack, but we know that in May 2023 or earlier, the C10P ransomware gang infiltrated the MOVEit service and began capturing secure data from countless companies. As the gang built up useful and potentially damaging information in its database, the gang gained the power to extort the hundreds of companies that rely on the file transfer service. The gang put up a notice informing impacted companies they have until June 14, 2023, to pay a ransom to avoid having their secure data exposed online for all to see.
The ransom amounts are likely to be in the hundreds of thousands of dollars or in the millions for some of the largest companies impacted. It's unclear if any of these businesses have paid the ransom demand. Major companies that we know have already been impacted include businesses like British Airways, Boots, Nova Scotia, BBC, and Zellis to name a few. Most of the impacted companies reported are located in Europe, but a large number of American-based companies depend on MOVEit as well, and we expect US companies to show up on the list of impacted companies too.
What Information Was Viewed or Stolen?
There is no specific type of information stolen in this data breach. It's likely the gang is taking data about proprietary technology, patents, personal employee data, and much more. Anything useful will be taken by the ransomware gang.
How Did MOVEit Admit to the Breach?
MOVEit's parent company Progress Software released a notice on May 31, 2023, informing its customers that its service suffered a serious data attack and released a patch to block the ransomware gang's access to the software.
What Will Become of the Stolen Information?
The C10P ransomware gang is only interested in generating as much money as possible from any stolen information it takes. This data will be sold to whoever will buy it if the ransoms aren't paid.
What Should Affected Parties Do in the Aftermath of the Breach?
If your company depends on the MOVEit file transfer service, you should install the service patch if you haven't already. Also, closely monitor your company data and consider investing in credit monitoring services for any of your employees and customers with personal data held in your company's file servers.
