Ofcom has confirmed that it has become the most recent victim of a ransomware attack by the cybercriminal organization Clop, which is believed to be based in Russia. Over the past few weeks, numerous companies, including BBC, British Airways, and Boots, have reported sensitive data being stolen by the ransomware group, affecting over 100,000 staff in total. In some cases, the data accessed included sensitive payroll information.
In Ofcom’s case, the personal information of 412 employees was accessed, as well as confidential data belonging to companies being regulated by Ofcom. Payroll data was not accessed in this instance. The breach is related to vulnerabilities in MOVEit, software used by organizations to transfer sensitive information.
A critical vulnerability in the software was reportedly discovered in May, with attempts to exploit it revealed a month later. However, this information came too late to prevent Clop from targeting major companies worldwide. Despite the setback, Ofcom states that it has acted quickly to minimize the impact of the attack and has notified the Information Commissioner’s Office.
Ofcom mentioned in a statement, “A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack. The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously. We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”
Clop is reportedly threatening to publish the sensitive data of affected companies later this week unless they pay a ransom fee. The size of the ransom has not been made public.
Ransomware attacks have grown rapidly in recent years, driven by an influx of new cybercriminal organizations and the expansion of existing operations since the beginning of the coronavirus pandemic.
Charl Van Der Walt, Head of Security Research at Orange Cyberdefense, explained, “Cyber extortion activity has reached a new high in the first quarter of 2023, and the recent MOVEit data breach is a stark reminder that threat actors are always on the lookout to wreak havoc. In this case, companies using the MOVEit software became potential targets as it appears that hackers affiliated with the Cl0p group orchestrated a mass attack to find and compromise their servers.”
Large organizations accounted for 36% of all victims in 2022, which is not surprising since they handle thousands of pieces of personal data. However, medium and small-sized organizations are not safe either, as cybercriminals are opportunistic by nature. The global telecoms industry will need to evaluate whether it is doing enough to protect its customers’ personal data from ransomware attacks.