Crown Resorts Investigates Cl0p Ransomware Group’s Data Theft Claims
March 29, 2023
Australian casino giant Crown Resorts has confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack. The incident took place in late January when a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software was exploited to access files belonging to Fortra customers. The exploitation of the bug, tracked as CVE-2023-0669 and patched in early February, was attributed to a Russian-speaking threat actor associated with the Cl0p ransomware, which recently started adding the names of alleged victims to its Tor-based leak site.
The Cl0p ransomware operators have claimed the theft of data from around 130 organizations that used GoAnywhere, with some of them already confirming potential impact, including Community Health Systems, Hitachi Energy, Hatch Bank, Rubrik, Atos, City of Toronto, Procter & Gamble, Pluralsight, Saks Fifth Avenue, UK’s PPF, Virgin Red, and Rio Tinto. Several of the affected organizations informed that the stolen data poses no threat to customers or employees.
Crown Resorts issued a public statement on its website confirming that it was a Fortra customer and that the Cl0p ransomware operators contacted it to claim the theft of company data: “We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority. We can confirm no customer data has been compromised and our business operations have not been impacted. We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.”
Crown Resorts, the largest gaming and entertainment group in Australia, operates large complexes in Melbourne, Perth, and Sydney. It was acquired by US private equity firm Blackstone in 2022. German insurer giant Munich Re, which was also added to Cl0p’s leak site, stated that the incident only impacted some test files. “Munich Re currently has no contractual relationship with the company affected. For test purposes, only test files with meaningless content were sent, i.e., containing no business, client or personnel data,” the company said.
Fortra may face a class action suit as a result of the cyberattack, a complaint filed with the US District Court for the District of Minnesota shows. According to the complaint, the company failed to properly secure the MFT service, which led to the January data breach that affected over 139,000 individuals.
Related News
- Procter & Gamble Confirms Data Breach Through GoAnywhere Zero-Day Exploit
- City of Toronto Confirms Data Theft, Clop Ransomware Gang Claims Responsibility
- Clop Ransomware Targets Saks Fifth Avenue, Retailer Claims Only Mock Data Stolen
- Hitachi Energy Confirms Data Breach Following Clop Ransomware Attack
- Rubrik Discloses Data Breach After Exploiting GoAnywhere Zero-Day
Latest News
- ChatGPT Data Breach Confirmed Amid Vulnerable Component Exploitation Warning
- Apple Addresses Actively Exploited WebKit Zero-Day for Older iPhones and iPads
- Microsoft Issues Emergency Update for Windows Snipping Tool Flaw
- Microsoft Offers Guidance on Detecting Outlook Zero-Day Exploits
- Procter & Gamble Confirms Data Breach Through GoAnywhere Zero-Day Exploit
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.