The Clop ransomware gang has begun extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution.
GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.
The day after the release of the GoAnywhere patch, the Clop ransomware gang contacted BleepingComputer and said they were responsible for the attacks.
The extortion group said they used the flaw over ten days to steal data from 130 companies. At the time, BleepingComputer could not independently confirm these claims, and Fortra did not respond to our emails.
Last night, the Clop ransomware gang began publicly exploiting victims of the GoAnywhere attacks by adding seven new companies to their data leak site.
Only one of the victims, Hatch Bank, is publicly known to have been breached using the vulnerability. However, BleepingComputer has learned that at least two other listed companies had their data stolen using this flaw as well.
The entries on the data leak site all state that the release of data is “coming soon” but include screenshots of allegedly stolen data.
Furthermore, BleepingComputer has been told that victims have begun to receive ransom demands from the ransomware gang.
During these attacks, the extortion group stole large amounts of data from nearly 100 companies worldwide, with the threat actors slowly leaking data from companies while demanding million-dollar ransoms.