Clop ransomware hacked DHL, summing up 20 million victims & profit of $100 million via MOVEit

It is thought that tens of thousands, if not hundreds of thousands, of employees were impacted by a cyberattack that took place in June 2023. The attack took use of a flaw in a file transfer program called MOVEit that was distributed by Progress Software in order to get access to the information technology systems of businesses.

Zellis, a firm that provides payroll services to corporations in the UK, including British Airways (BA), BBC, Boots, and DHL, is one of the organizations that have been impacted by this issue. As a direct consequence of the cyberattack on Zellis, the personally identifiable information of current and previous workers for BA, BBC, Boots, and DHL has been obtained. Zellis has published a statement in which it confirms that it has been the victim of a data breach, which has affected some of its clients. Since then, British Airways, the BBC, Boots, and DHL have all notified those workers and former employees whose personal information was compromised that they have been hacked.

The following are part of the data breach:

In the case of DHL, this includes the workers’ DHL payroll number, first name, last name, date of birth, National Insurance Number, first line of address, employment start date, employment finish date (for leavers), date of employment start, and first line of address.

The fact that this cyber-attack is quite similar to others that have been carried out by the infamous Russian ransomware gang C10p (Clop) has led experts in the field of information technology to conclude that the group is responsible for the attack. Additionally, Clop has published a warning on its darknet website indicating that they have exploited vulnerabilities in the MOVEit software in order to steal data from “hundreds of companies.” They have told the affected organizations to get in touch with them in order to come to an agreement on a ransom payment, or else they would begin publicizing the material that they have stolen. Following the passing of the deadline, Clop has begun publicly identifying corporations and exposing data that they have stolen. To this day, it would seem that they have not been able to identify Zellis, BA, BBC, Boots, or DHL.

Researchers from Emsisoft have been keeping track of the amount of firms that are implicated. They have discovered that at least 383 organizations have been impacted, and as a consequence, the information of 20,421,414 individuals has been compromised.

This week, many organizations in Maine have confirmed the data that was accessible via MOVEit by filing documentation with the state’s regulatory authorities. Some banks and other financial institutions have reported that hundreds of thousands of their clients have been compromised, while other, more prominent firms have verified data breaches with fewer individuals affected.

Only a small number of people who had their data stolen by MOVEit are expected to pay compensation, according to estimates provided by Coveware. In spite of this, it is still anticipated that Clop would acquire an amazing $75–100 million from these payments alone, which is not surprising considering the enormous ransom demands.

According to Coveware, “it is likely that the CloP group may earn between $75 and $100 million dollars just from the MOVEit campaign,” with that total coming from only a small number of victims that succumbed to extremely expensive payments. “It is likely that the CloP group may earn between $75 and $100 million dollars just from the MOVEit campaign.”