MOVEit linked to Clop ransomware gang: Comment by Satnam Narang, Sr. Staff Research Engineer, Tenable

“Recent reports suggest that exploitation of the zero-day vulnerability in MOVEit Transfer is attributed to the Clop ransomware group. This isn’t surprising when you consider that this falls under the modus operandi of Clop: they were also responsible for exploiting zero-days in other file transfer solutions like CVE-2023-0669 in GoAnywhere earlier this year, and four Acellion vulnerabilities (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104) in late 2020.

“Clop has been around since 2019, and while the group has operated using double extortion tactics (data encryption and exfiltration with threat to publish stolen data), they’ve slowly pivoted towards a focus on data exfiltration, as evidenced in the targeting of file transfer solutions. In the grand scheme of things, data encryption alone is not enough of an incentive for victim organisations to pay exorbitant ransom demands. However, data exfiltration and threats to publish stolen data hold much more weight and are largely what has powered double extortion and ransomware groups to find so much success.

“The writing is on the wall; file transfer solutions are a prime target for the Clop ransomware group, and they are likely to seek out their next target for exploitation in the near future.” – Satnam Narang, sr. staff research engineer, Tenable – Satnam Narang, Sr. Staff Research Engineer, Tenable