New Victims Come Forward After Mass-Ransomware Attack (techcrunch.com)
The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked. From the report: Canadian financing giant Investissement Quebec confirmed to TechCrunch that "some employee personal information" was recently stolen by a ransomware group that claimed to have breached dozens of other companies. Spokesperson Isabelle Fontaine said the incident occurred at Fortra, previously known as HelpSystems, which develops the vulnerable GoAnywhere file transfer tool. Hitachi Energy also confirmed this week that some of its employee data had been stolen in a similar incident involving its GoAnywhere system, but said the incident happened at Fortra.
Over the past few days, the Russia-linked Clop gang has added several other organizations to its dark web leak site, which it uses to extort companies further by threatening to publish the stolen files unless a financial ransom demand is paid. TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is widening, the known impact is murky at best. Since the attack in late January or early February -- the exact date is not known -- Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization's network that allows companies to securely transfer huge sets of data and other large files.
Drop the "securely" (Score:2)
GoAnywhere, a system that can be hosted in the cloud or on an organization's network that allows companies to securely transfer huge sets of data and other large files.
I am pretty sure you can drop the "securely" from that description.
Re: (Score:1)
GoAnywhere, a system that can be hosted in the cloud or on an organization's network that allows companies to securely transfer huge sets of data and other large files.
I am pretty sure you can drop the "securely" from that description.
Details, details, details...
Re: (Score:2)
Why do they just hang this shit on the internet? (Score:2)
Sure a lot of VPN gateways got exploited too, but security in depth and if you don't start with a VPN you're in the kiddy pool.
open source alternative (Score:2)
Re: (Score:2)
Re: (Score:2)
I've used Zend.to in the past:
https://zend.to/ [zend.to]
Re: (Score:2)
scp?
Under reported (Score:2)
Re: (Score:2)
exposed to the internet by design
I used to think Zero Trust was a good idea, but IT really has a knack for going complete cuckoo for Cocoa Puffs for convenience. Instead of using it to improve security, they use it as an excuse to do away with attack surface minimization. They simply don't recognize attack surface as a concept so they can access everything on a random browser ... it's the BYOD disaster on steroids.
Re:Under reported (Score:4, Informative)
It's a system for sharing files with external parties, how exactly would you propose to create such a system without exposing it to external parties?
Of course you can do your due diligence with any file sharing system to minimise the risks:
Keep it isolated away from your other infrastructure.
Ensure that files are only stored temporarily until the recipient can download them, then securely erase them.
Encrypt the files, with the key sent separately (e.g. zip them and send the recipient the password via SMS).
19 trackers on goanywhere.com website (Score:2, Interesting)
Privacy Badger shows 19 trackers on the goanywhere.com website. Obviously a very security-conscious company -- NOT.
Russia-linked Clop gang ? (Score:1)