Fortra clop
Author: k | 2025-04-24
Average ransomware payments significantly went up to US$220,298, which is an increase of 43%. It also said that the median ransom payment increased sharply to US$78,398 from US$49,459, which translates to a 60% hike.

Recent Clop activities

The Clop ransomware gang also claimed to have targeted 130 organizations who were victims of the Fortra GoAnywhere MFT vulnerability over a month-long period in March 2023. Although Clop ransomware actors did not share specific details on how they exploited the vulnerability, security researcher Florian Hauser published proof-of-concept code on it, while Fortra released an emergency patch shortly after.

Meanwhile, in April 2023, Microsoft attributed the exploitation of CVE-2023-27350 to the Clop and LockBit ransomware gangs. CVE-2023-27350 is a vulnerability in the widely used print management software solution PaperCut that was disclosed via Trend Micro's Zero Day Initiative (ZDI), as covered in ZDI-23-233. According to Microsoft, the threat actor abused the vulnerability to deploy the Truebot malware and ultimately, the Clop and LockBit ransomware families to steal critical company information.

In May of this year, it was reported that FIN7 (aka Sangria Tempest) used the POWERTRASH malware to launch the Lizar toolkit in a series of that started in April 2023. The cybercrime group used the backdoor to take hold of and laterally move within the victim’s network and finally, distribute the Clop ransomware on compromised machines.

Since May 2023, the group continuously exploited critical zero-day vulnerabilities in file transfer software MOVEit Transfer and MOVEit Cloud via CVE-2023-24362 and CVE-2023-35036, to compromise a number of private and public organizations from various industries. While the company was able to immediately deploy workarounds, Clop exploited these openings to get into vulnerable systems and networks to exfiltrate sensitive data.
Researchers and analysts have noted that no ransomware payloads were observed from these attacks, but that the group were focused more.

The software maker Fortra has been accused of misleading its corporate customers about the safety of their data following a ransomware attack on its systems. The Russia-linked Clop ransomware gang exploited a bug in Fortra’s

In January 2025, Clop ransomware targeted a vulnerability in Fortra's GoAnywhere managed file transfer (MFT) solution. Clop claimed more than 130 victim organizations through

Hitachi Energy emerges as victim of Clop gang’s Fortra attack

GoAnywhere: Clop exploited Fortra's GoAnywhere managed file transfer software starting on Jan. 25, 2025 and stole data from at least 130 victim organizations before Fortra

GoAnywhere: Clop exploited Fortra's GoAnywhere managed file transfer software starting on Jan. 25, stealing data from at least 130 victim organizations before Fortra patched

Hitachi Energy disclosed a data breach; the Clop ransomware gang stole the company data by exploiting the recent GoAnywhere zero-day flaw.

Hitachi Energy disclosed a data breach; the company was hacked by the Clop ransomware gang, which stole its data by exploiting the recently disclosed zero-day vulnerability in the GoAnywhere MFT (Managed File Transfer).

The company was the victim of a large-scale campaign targeting GoAnywhere MFT devices worldwide by exploiting the zero-day vulnerability.

“We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in an unauthorized access to employee data in some countries,” reads the statement published by the company.

“Upon learning of this event, we took immediate action and initiated our own investigation, disconnected the third-party system, and engaged forensic IT experts to help us analyze the nature and scope of the attack. Employees who may be affected have been informed and we are providing support. We have also notified applicable data privacy, security and law enforcement authorities and we continue to cooperate with the relevant stakeholders.”

Hitachi Energy immediately launched an investigation into the incident and disconnected the compromised system. The company reported the data breach to law enforcement agencies and the data protection watchdog. The company pointed out that neither its network operations nor the security of its customer data has been compromised.

In early February, the popular investigator Brian Krebs first revealed details about the zero-day on Mastodon and pointed out that Fortra has yet to share a public advisory.

According to the private advisory published by Fortra, the zero-day is a remote code injection issue that impacts GoAnywhere MFT.
The vulnerability can only be exploited by attackers with access to the administrative console of the application.

Installs with administrative consoles and management interfaces that

Comments
2025-04-10

U.S. healthcare providers have been warned by the Department of Health and Human Services Cybersecurity Coordination Center regarding new Clop and LockBit ransomware attacks leveraging a Fortra GoAnywhere Managed File Transfer system flaw, tracked as CVE-2023-0669, and two other vulnerabilities in the PaperCut MF/NG printing management software, tracked as CVE-2023-27350 and CVE-2023-27350, HealthITSecurity reports.

Exploitation of the Fortra GoAnywhere vulnerability has been noted to account for a 91% increase in ransomware attacks in March compared with February, with Clop, which has almost always targeted the healthcare sector, admitting to having compromised 129 organizations, according to the HC3 alert.

Meanwhile, both PaperCut flaws could be leveraged to enable authentication bypass across over 100 million users around the world.

Immediate patching has been urged for all of the actively exploited vulnerabilities, with master encryption key modifications and credential resets advised for the Fortra GoAnywhere bug and traffic blocking recommended to mitigate the PaperCut flaws.

"The probability of cyber threat actors, including Cl0p, targeting the healthcare industry remains high. Prioritizing security by maintaining awareness of the threat landscape, assessing their situation, and providing staff with tools and resources necessary to prevent a cyberattack remains the best way forward for healthcare organizations," said the HC3.
2025-04-08