Negotiations Failed? Clop Ransomware Posts Data of Johns Hopkins University, Honeywell, and 54 Others

Jul 31, 2023

In what appears to be the result of failed ransom negotiations, the Clop ransomware group has now started leaking data of the victim organizations.

In a new series of posts, the groups claim to reveal data from the Johns Hopkins University, Honeywell, and TomTom, totaling data leaks of 56 companies, organizations, and universities

Johns Hopkins University confirmed the cyber attack last month, followed by Honeywell and GPS tech company TomTom.

The full extent of the leak is yet to be analyzed as the threat actors have claimed to have leaked sensitive data and information files from the victims. 

The Cyber Express previously reported about the Johns Hopkins University data breach, where the university acknowledged the breach.

The university asked its students, staff, and faculty members to remain vigilant against the attack.

“Until we know more, we strongly urge all students, faculty, and staff—as well as dependents—to take immediate steps to protect your personal information as a precautionary measure,” read the notice from Johns Hopkins University. 

Clop ransomware group leaks data of multiple companies involved in the MOVEit data breaches 

Source: Twitter

The Clop ransomware group allegedly claims to have breached large-scale organizations. These organizations were previously targeted by the Clop ransomware group, who were exploiting a critical vulnerability in the MOVEit file transfer software. 

In this new announcement, the threat actor has shared the full list of the victims whose data has been leaked as part of the MOVEit vulnerability. The following are some high-profile organizations whose data has been revealed by the prolific threat actor. 

ARVATO.COM
SCCU.COM
AGILYSYS.COM
KALEAERO.COM
CONSOLENERGY.COM
RADIUSGS.COM
CLEARESULT.COM
HONEYWELL.COM
TGIDIRECT.COM
NASCO.COM
JACKENTERTAINMENT.COM
AMCTHEATRES.COM
SLB.COM
GRIPA.ORG
MOTHERSON.COM
ASPENTECH.COM
DISCOVERY.COM
ROCHESTER.EDU
YAKULT.COM.PH
USG.EDU
AMERICANNATIONAL.COM
BCDTRAVEL.COM
AUTOZONE.COM
CROWE.COM
RADISSONHOTELSAMERICAS.COM
WESTAT.COM
JPRMP.COM
FMFCU.ORG
JHU.EDU
VISIONWARE.CA
UMASSMED.EDU
VRM.DE
SMA.DE
RICOHACUMEN.COM
EMERSON.COM
TOMTOM.COM
BAM.COM.GT
PIONEERELECTRONICS.COM
RITEAID.COM

Exploring the spree of the Clop ransomware group

The ransomware group, prior to this data leak, claimed data breaches of several high-profile organizations, including Deloitte, Chuck E. Cheese, Maximus, and the Hallmark Channel.

The breach at Deloitte, a prominent multinational firm, has been confirmed, although specific details regarding the extent and nature of the data accessed have not been disclosed, as per CyberNews.

Clop’s attack on Deloitte is part of a concerning trend, with the ransomware group exploiting vulnerabilities in vulnerable installations of the file-transfer tool, MOVEit, to target organizations.

Other notable accounting firms, such as PwC and Ernst and Young, have also fallen victim to similar attacks.

Government contractor Maximus, responsible for administering vital US programs like Medicaid and Medicare, revealed that Clop had accessed the personal information of up to 11 million individuals.

The compromised files may contain sensitive data, including social security numbers and protected health information

As a result of this breach, Maximus anticipates incurring significant expenses, estimated at up to $15 million, for remediation efforts.

Both Chuck E. Cheese and the Hallmark Channel have been identified as victims of Clop’s leak site, although they have yet to respond to share any official statements about the breach.

Progress Software has since patched the vulnerabilities in its software, but the full extent of the impact and associated costs of the incident remain uncertain.

The legal proceedings will likely be protracted, stretching over months or even years before resolutions are reached.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Get Free Report & Network Analysis

Please check your email for the free report.