The Russian-speaking Cl0p ransomware group's recent MOVEit campaign has reportedly affected nearly 1,000 organizations and 60 million individuals. The figures include both directly and indirectly impacted entities. For instance, data from several organizations and millions of individuals was compromised via PBI, a company providing research services for the pension and financial sectors. As of August 24, cybersecurity firm Emsisoft reported 988 victim organizations and approximately 59,200,000 affected individuals.
Organizations potentially exposing the data of more than one million individuals include Maximus, Pôle Emploi, Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America, Genworth, PH Tech, Milliman Solutions, and Wilton Reassurance Company. The number of affected organizations is also confirmed by Resecurity, which reported 963 public and private sector organizations worldwide affected by the MOVEit hack on August 23.
The Cl0p group, which is estimated to earn up to $100 million from this campaign, has begun leaking the data of victims who have refused to pay the ransom. On August 14 and 15, the cybercriminals leaked nearly 1 Tb of information allegedly stolen from 16 victims, according to Resecurity. These victims include UCLA, Siemens Energy, Cognizant, and cybersecurity firms Norton LifeLock and Netscout. The data was leaked via surface web torrents, allowing anyone to easily access the stolen files.
Both Emsisoft and Resecurity reported that over 80% of the affected organizations are located in the United States. The MOVEit campaign exploited CVE-2023-34362, a critical SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) software. This vulnerability can be exploited by an unauthenticated attacker to access files transferred through the product.