Clop ransomware continues to bombard businesses of all shapes and sizes. The cyber criminals behind the malware have siphoned internal documents from the oil giant Shell, and have publicly leaked some of the data to encourage payment of the ransom.
Had the ransom been paid on time, any files affected by Clop would have been decrypted and no documents would have been leaked. However, the gang has now uploaded a selection of documents to its Tor-hidden website, including scans of employees’ US visas as well as a passport page and files from Shell’s American and Hungarian offices.
This kind of theft, combined with intense pressure tactics, is commonplace among cyber criminals and, in particular, the Clop gang. Recently the gang has been pursuing organisations that deployed vulnerable versions of a legacy file-transfer appliance, Accellion, exploiting the software to steal internal information. That campaign seems to be linked to this current data breach, as the company revealed it uses Accellion to securely transfer large data files.
Shell isn’t the only company to have been affected. Businesses of different sizes from the IT, aerospace and marketing industries have been affected by the Accellion vulnerability. Fortunately, it seems that only the Accellion-related documents have been breached, as opposed to each business’s entire IT system.
It appears that Accellion became aware of a then-zero-day security vulnerability in the product in mid-December, and subsequently scrambled to patch it. This first flaw was just one of many now-patched zero-day bugs in the platform that Accellion discovered after it came under attack from cyber criminals. The problem is that many companies might still be using unpatched versions of Accellion.
It is good practice for a business to ensure that any systems or software it uses are fully patched at all times. If your system isn’t based on Microsoft Windows, total coverage can be tough to achieve, and it usually requires manual updating to ensure the system is fully covered. If your business also uses Accellion or other file-transfer services, such as WeTransfer, then it might be time to consider alternative ways to share large files with colleagues. A system such as SharePoint allows files and data to be shared with ease between colleagues with the same level of privileges and access. For example, a Sales team can have its own shared folder that links to individual documents as though each were a web address, giving the team access in seconds. The alternative is an external file-transfer service that could lead to shared documents being breached in future, as Shell, and others, have found out.