According to a report released on Thursday, multiple US government websites fell victim to a global ransomware attack. The attack exploited a vulnerability in widely used software, which led to compromises in the US Cybersecurity and Infrastructure Security Agency (CISA) and several federal agencies’ MOVEit applications. The acting chief of CISA stated that the agency is actively assisting affected federal agencies and is diligently working to understand the impact and expedite remediation measures.
MOVEit, the targeted software, is primarily used for encrypting and transferring sensitive files. However, CISA has not yet provided a comment in response to inquiries about the incident.
The identity of the perpetrator behind the attack remains undisclosed. It is uncertain if this attack is connected to the Russian-speaking CLOP group, which had previously claimed responsibility for other cyberattacks. CLOP has targeted various organizations, including Shell oil company, the BBC, British Airways, Heidelberg (a German manufacturer), Putnam Investments (an investment management firm), and several state governments such as Illinois and Minnesota. In these attacks, CLOP demanded ransom payments, threatening to leak victims’ personal data on the dark web if their demands were not met.
Given the widespread use of MOVEit software, the full extent of the breach is still being assessed. The software’s maker, Progress, has urged users to update their software and provided security recommendations to mitigate risks. Experts caution that although CLOP was behind the initial wave of attacks exploiting MOVEit vulnerabilities, it is possible that other groups or individuals have also taken advantage of the same vulnerabilities.