In May of 2023, MOVEit, a file transfer platform made by Progress Software, was compromised by Cl0p, a Russian ransomware operation whose ransomware has been used in cyber-attacks since 2019. The attackers used a vulnerability in Progress’s software that was not known to exist at the time (a zero-day). Shortly after the attack was discovered, a patch was issued. However, users who did not install the patch could continue to experience attacks.

MOVEit is used by thousands of government agencies and financial institutions. It is also used by hundreds of other public and private companies all over the world. It has been estimated that at least 455 organizations and over 23 MILLION individuals who were customers of MOVEit had their information stolen. Some of the organizations compromised include:

  • The US Department of Energy
  • New York City Department of Education
  • UCLA
  • Shell
  • Ernst & Young
  • Honeywell
  • Gen/Norton LifeLock
  • Radisson Hotel
  • BBC
  • British Airways

73% of the organizations impacted are based in the US, while the rest are international. The most heavily impacted sectors were finance, professional services, and educational institutions.

The stolen data from the attack is published to a site on the dark web. The dark web is a section of the World Wide Web where cybercriminals sell and trade information without having to reveal themselves. The ransomware and website have been linked to FIN11, a financially motivated cybercrime operation that has been connected to both Russia and Ukraine. FIN11 is believed to be part of a larger umbrella operation known as TA505.

This attack was so terrible and widespread because many of the compromised organizations also provide services to additional companies and government entities. And yes, unfortunately you’re probably one of them. Were you notified?

Surprisingly, this breach didn’t make mainstream headlines. Nevertheless, when a company is compromised, it is obligated to tell you if your data was stolen. This can come in the form of an e-mail or a snail-mail letter. Spam filters make it difficult to ensure that an important e-mail is actually received, and organizing a letter for over 23 million people takes time and is expensive.

What should you do if you use this software?

  1. Make sure all your passwords and PINs are changed ASAP. The same password should not be used on multiple different accounts, and always make sure that your passwords are at least 12 characters long, using uppercase and lowercase letters, as well as special characters and numbers.
  2. Ensure MFA (multi-factor authentication) is turned on for all critical software applications and websites you use, such as Microsoft Office, QuickBooks, banking and payroll software, your credit card processor, etc.
