Cybercriminals recently used Clop ransomware to steal students' grades and Social Security numbers from Accellion File Transfer Appliance (FTA) servers at the University of Colorado (CU) and University of Miami, according to Bleeping Computer. They started publishing screenshots of files stolen from the universities after demanding a ransom of $10 million.
CU in February 2021 disclosed that it experienced a cyberattack where threat actors stole data via an Accellion FTA vulnerability, Bleeping Computer noted. A forensic investigation revealed multiple data types may have been accessed during the incident.
The University of Miami has not disclosed a cybersecurity incident, Bleeping Computer reported. However, the university has shut down its SecureSend file sharing service.
FireEye in February 2021 discovered cybercriminals were using FTA zero-day vulnerabilities to steal and extort data from various global organizations. Accellion said it has patched all known FTA vulnerabilities exploited by cybercriminals to date.
What Is Clop Ransomware?
Clop is a variant in the Cryptomix ransomware family discovered in February 2019, according to Malwarebytes. It encrypts systems and exfiltrates data that can be published on a leak site if a victim refuses to pay a ransom.
Cybercriminals can distribute Clop by email either sent out as spam or combined with social engineering, Malwarebytes indicated. They can use Clop to stop Windows processes and uninstall security software before it starts an encryption routine. After the encryption is finished, a victim will receive a Clop ransom note.
Software AG Experiences Clop Ransomware Attack
During the Software AG attack, cybercriminals used Clop to breach the company's internal network, Malwarebytes indicated. Cybercriminals demanded a ransom of more than $20 million, which Software AG refused to pay. In response, they published the information they gathered from the attack on a dark web website.
How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.