Over 2,000 organizations are impacted by the MOVEit hack

Cl0p ransomware
Credits: KonBriefing Research

According to the latest statistics released by Emsisoft this week, the number of organizations attacked by the ransomware group Cl0p using the MOVEit vulnerability has surpassed 2,000, affecting over 60 million individuals. This data aligns closely with the figures released by IT market research company KonBriefingResearch on September 26, showing 2,040 victim organizations.

Credits: KonBriefing Research

Emsisoft researchers have indicated that the majority of the victimized organizations are based in the United States. The sectors most severely impacted are finance, professional services, and education, accounting for 13.8% and 51.1% of the data breach incidents, respectively.

One of the most prominent MOVEit data breach events this week involved the National Student Clearinghouse, a non-profit organization in the U.S., resulting in the exposure of information from nearly 900 American educational institutions.

In late May 2023, the Cl0p ransomware group exploited a popular SQL injection vulnerability (CVE-2023-34362) within the MOVEit file transfer solution, pilfering sensitive data from a plethora of organizations. The victims include numerous renowned corporations, governments (including multiple U.S. federal agencies and the U.S. Department of Energy), financial institutions, pension systems, and other public and private entities.

Over the past few months, the list of victims of the MOVEit vulnerability has been escalating rapidly. The Cl0p group has forsaken the use of ransomware, opting instead to merely extract sensitive data and threaten companies with its exposure unless a ransom is paid.

Notably, this marks the third occasion within three years that the Cl0p ransomware group has exploited zero-day vulnerabilities in web applications for extortion. Their targets on all occasions have been the “security products” of well-known software companies. Cl0p’s significant success is bound to inspire emulation by other hacker groups, intensifying the grave threat landscape facing application security and the software supply chain.