Worldwide Threat of Ransomware Targets Institutions and Companies

In a recent wave of cyber attacks targeting institutions and companies worldwide, the University of California, Los Angeles (UCLA) has confirmed its inclusion among the victims. The attack has been attributed to a notorious ransomware gang known as “CL0P,” as declared by government officials.

Upon discovering the breach, UCLA promptly alerted the Federal Bureau of Investigation (FBI) and collaborated with external cybersecurity experts to launch an investigation.

The university’s spokesperson, who chose not to disclose their identity or provide an interview, acknowledged the incident. However, they declined to disclose the nature of the stolen data or the extent of the impact on individuals within the UCLA community.

IN CONJUNCTION WITH THE FBI, the U.S. Cybersecurity and Infrastructure Security Agency issued bulletins revealing that the CL0P group exploited a previously unidentified software vulnerability, commonly referred to as a ‘zero day’ exploit, beginning in May 2023. The hackers targeted applications linked to a file Transfer system called “MOVEit.”

CISA disclosed that the CL0P hackers infected internet-facing MOVEit Transfer web applications with their specific malware, enabling them to pilfer data from the underlying MOVEit Transfer databases. Progress Software, the owner of MOVEit, acknowledged the incident and confirmed its dedication to assisting customers in patching the vulnerabilities while cooperating with authorities during the investigation.

In an email response to inquiries, an unnamed spokesperson from Progress Software stated, “We have engaged with federal law enforcement and other agencies and are committed to playing a collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.”

According to security researcher Brett Callow from Emsisoft, the CL0P group is believed to operate from Russia or Eastern Europe. The group has a track record of conducting cyber attacks and often resorts to demanding ransom payments.

Callow revealed that the group’s activities had affected numerous organizations, with their latest attack identifying over 130 victim organizations. Some of these victims have indicated that the stolen files potentially contain information on more than 15 million individuals.

Callow explained the significance of file transfer platforms as potential gold mines for cybercriminals, stating, “These file transfer platforms and other services that companies use are potentially a gold mine to cybercriminals. Normally if they hack their way into a company, they’ve only got one attempt at extortion. If they manage to breach one of these file transfer applications, they can potentially have hundreds of victims.“

Cyber attacks’ global scale and impact continue to underscore the pressing need for heightened cybersecurity measures. As organizations like UCLA work diligently to investigate breaches and secure sensitive data, collaborations between the public and private sectors become increasingly vital in combating these threats.

The post Ucla Falls Victim to Global Cyber Attack appeared first on EncryptedFence by CerteraSSL - A Complete Web Security Blog.