Clop Ransomware Attack: A Stark Reminder of Cybersecurity Vulnerabilities

Take cybersecurity seriously, or you might get Clop-ped.

Ransomware attacks have been growing exponentially in recent years. Organizations succumbing to hacks due to a security lapse face severe financial, operational and reputational consequences.

One of the most notorious recent cyber-attacks occurred in May when Clop, a Russian ransomware gang, exploited a security flaw in MOVEit, a file-transfer tool used by large corporations and financial institutions to transfer and share large files.

SS&C Intralinks, a winner of the 2023 Fortress Cyber Security Award for the past two years, does not use MOVEit. Our security protocols are specifically designed to ensure that our clients’ sensitive data is never exposed to unnecessary risk. In 2021, Intralinks became the inaugural virtual data room (VDR) provider to attain ISO 27701 certification, which represents the pinnacle of data privacy standards presently attainable.

Clop's successful infiltration of MOVEit resulted in several large-scale casualties across the world. In the U.K., the BBC, British Airways (the breach included the payroll data of all U.K.-based employees), Aer Lingus, the pharmaceuticals retailer Boots and the communications regulator, Ofcom, were impacted. Zellis, a human resources software manufacturer and payroll provider, acknowledged the compromise of its MOVEit system on June 5. In a statement posted on its website, the company described the incident as impacting a "small number" of its corporate clients.

Unfortunately, the list of victims doesn’t end there. A U.S.-based fintech service provider was caught in Clop’s web as well as Shell Oil, the University System of Georgia (USG) and Nova Scotia’s government.

Modus operandi

The Clop ransomware attack stands out for its scale, sophistication and adaptability. The perpetrators behind Clop continuously refine their tactics, making it challenging for security professionals to keep pace. The Clop gang operates like a well-oiled machine, utilizing a "ransomware-as-a-service" model where they collaborate with criminal affiliates who distribute malware. This decentralized approach makes it harder to trace and apprehend the individuals behind the attacks. 

For an M&A deal team in the middle of negotiating a transaction or a fund manager involved in fundraising or investor onboarding, a hack could negatively impact a deal or end a limited partner’s interest, causing severe repercussions to a firm’s reputation.

After much disruption to critical services and bad publicity, the hacked entities will eventually get themselves back online. Some might have to pay hefty ransoms to regain access to the information that’s now in the hands of a group whose intentions are malicious. What the hackers will do with the data is anyone’s guess, making the ordeal far from over. The adverse implications of a seemingly one-time event could be far-reaching, resulting in a nightmare that never ends.

The frequency of these attacks is increasing rapidly. Just recently, a large Bay Area-based company found itself the victim of an unrelated ransomware attack. With their M&A deal in jeopardy, they turned to Intralinks to keep their business running — and their deal moving forward.

An ounce of prevention

The scale, sophistication and adaptability of Clop’s attack highlight the need for a proactive and comprehensive approach to cybersecurity.

With the threat of cybercrime ever-present, organizations need to protect their sensitive data by seeking out partners who have robust cybersecurity practices. Questions you might want to ask a potential vendor include:

  • Do you have multi-layer infrastructure defenses to protect against data-tampering attacks and other threats? 
  • Do you offer 24/7 continual security assessment and monitoring?
  • Do you allow penetration (pen) testing? If so, are you willing to share the unredacted results of those tests?

Bad actors are growing increasingly sophisticated. By remaining vigilant to emerging threats, firms can help minimize the likelihood of falling victim to ransomware attacks. Finding the right partner with a platform that offers bank-grade security to protect your sensitive data in an interconnected world is also proving to be essential. After all, why would anyone cut corners and needlessly increase their risk when it comes to data security? It’s simply not worth it.

Tom Tibbs Intralinks