“We know that ransomware groups have found massive success by double extorting victims: encrypting files within a targeted organisation, stealing sensitive files and threatening to publish them on the dark web if the organisation doesn’t pay up. However, we’ve also noticed a trend over the last few years, as groups have either pivoted away from or were created without file encryption, focusing solely on data theft and extortion. Since late 2020, file transfer appliances and solutions from Accellion to GoAnywhere have become a valuable target for cybercriminals, specifically ransomware groups like Clop who have managed to breach hundreds of organizations that rely on these solutions to transfer sensitive data. While we don’t know the specifics around the group behind the zero-day attacks involving MOVEit, it underscores a worrisome trend of threat actors targeting file transfer solutions. Organisations that use MOVEit software should assume compromise and engage in incident response to determine the potential impact, if any.” – Satnam Narang, sr. staff research engineer, Tenable.