The Clop extortion gang, which claimed to have abducted the data of over 130 companies using a zero-day vulnerability in Goanwhere MFT product Fortra, has now started to extort money from these affected companies. The group made a public statement in mid-February, and since then, only two companies – Community Health Systems and Hatch Bank – have officially confirmed that their data was indeed stolen in the attack.
The CLOP extortion gang has recently released a list of seven companies on its onion site, whose data will soon be merged into open access. Some of the companies on the list have confirmed being contacted by the hackers, but the amount of money paid to the attackers remains unknown.
The massive scale of the data leak has raised concerns and questions about Fortra’s vulnerability and the security measures in place at the company. The incident has caused significant damage to over a hundred organizations, and it is unclear how many more might have been affected. The situation has also put a spotlight on the responsibility and accountability of companies for safeguarding their data against cyberattacks.
The impact of this attack on Fortra and the affected companies is yet to be fully realized. Meanwhile, the employees responsible for managing the leak are likely under significant stress and facing scrutiny. It remains to be seen how this incident will affect Fortra’s future and whether the company will recover from these damaging revelations.