In a fresh development, the U.S. State Department’s Rewards for Justice (RFJ) program, designed to combat terrorism, has announced a bounty of up to $10 million. This reward, an unprecedented move in cybercrime history, is for information linking the Clop ransomware group to a foreign government.
Details about the Clop Ransomware Gang and its activities
The Clop ransomware group, also known as Lace Tempest, recently came under the spotlight for claiming to breach hundreds of global companies. Their modus operandi involved exploiting a vulnerability in MOVEit Transfer, a managed file transfer tool used by numerous enterprises for secure data transmission. The flaw was a SQL injection vulnerability that the hackers used to gain unauthorized database access.
Microsoft attributed to this group an elaborate campaign exploiting the zero-day vulnerability, identified as CVE-2023-34362, in the MOVEit Transfer platform. Through an extortion note on their dark web site, the group asserted possession of valuable information on several businesses and pressed victimized organizations to make contact before they were publicly listed as victims.
The exact number of breached organizations remains uncertain. By May 31, Rapid7 experts had found roughly 2,500 MOVEit Transfer instances publicly accessible online, a significant portion of which were in the U.S. The same webshell name was observed in numerous customer environments, which hints at automated exploitation.
Kroll researchers revealed that the Clop gang had been seeking a zero-day exploit in the MOVEit software since 2021. As of now, the group has listed 27 companies as victims on its dark web site, claiming these companies were compromised through the CVE-2023-34362 zero-day exploit. Astonishingly, the list of victims reportedly includes multiple federal agencies such as the Department of Energy.
Following the news, the group clarified on its site that it doesn’t hold government data and its activities are solely financially motivated.
Is this a tipping point in cybersecurity?
The bounty on the Clop ransomware group marks a turning point in the approach to addressing cybercrime. By tying the reward to foreign government involvement, it shows the gravity of the issue at a national level.
This event signifies the potential use of cybercriminals as pawns in a larger geopolitical game, warranting a robust and proactive response from nations worldwide. It also serves as a stark reminder to companies about the importance of maintaining top-tier cybersecurity to safeguard sensitive data.