The mass exploitation of MOVEit transfer software has become one of the largest hacks of the year, but also one of the largest in recent history. The complete impact of the attack still remains for months. There are now more than 1,000 known victims of the MOVEit breach.
Since May 2023, the fallout has began when Progress disclosed a zero-day vulnerability in MOVEit Transfer, its managed file transfer service used by thousands of organizations around the world to move large amounts of often-sensitive data over the internet. The critical-rated vulnerability allowed attackers, specifically the notorious Clop ransomware and extortion gang to raid MOVEit transfer servers and steal customers’ sensitive data stored within.
Since then, the Clop’s extortion has come to the limelight continuously, and still, the information is not stopped.
Analysis by Numbers
As per Emisoft, the number of known victim organizations crossed the 1,000 milestones, and the number of impacted individuals also surpassed the 60 million mark.
U.S.-based organizations account for 83.9% of known MOVEit corporate victims. Germany organizations account for about 3.6% of total victims, followed by Canadian companies at 2.6% and firms in the United Kingdom at 2.1%.
The largest victim of the MOVEit breach is Maximus after confirming that hackers accessed the protected health information, including Social Security numbers of as many as 11 million individuals.
The top five MOVEit victims list is the Louisiana Office of Motor Vehicles (6 million). Colorado Department of Health Care Policy and Financing (4 million) and the Oregon Department of Transportation (3.5 million).
Out of 1,400 MOVEit servers that were openly accessible on the internet found that 15.96% of hosts were associated with the healthcare sector, 8.92% were linked to information technology organizations, and 7.5% were attributed to government and military entities.
Researchers believe that Clop may have been sitting on its MOVEit exploit as far back as 2021 and experimenting with it. U.S. risk consulting firm Kroll said in a report that while news of the vulnerability first emerged in late May,
The U.S. State Department offered a $10 million bounty related to information on the Clop ransomware group after records from a number of department’s entities were compromised in the MOVEit breach.
Clop could have earned $100,000,000 from the MOVEit mass-hacking campaign, according to ransomware recovery company Coveware, with that sum derived from just a small handful of victims who gave into the hackers’ demands and paid significant ransom payments.