Ofcom Hit By MOVEit Extortion Hack

Media regulator Ofcom has confirmed it was affected by the mass hack on Progress Software’s MOVEit secure transfer tool by a Russian ransomware gang.

Ofcom said confidential data about some of the companies it regulates had been compromised, along with personal information on 412 employees.

Transport for London and accountancy firm Ernst & Young (EY) said they were also affected by the hack on MOVEit, which is used by companies around the world to transfer sensitive data.

The Clop ransomware group has issued a deadline of Wednesday for hacked companies to begin negotiations via email, or they will begin releasing data on their darknet ransomware extortion site.

Mass hack

Ofcom said it had taken immediate action to prevent further use of MOVEit and to implement security measures.

The regulator said it “swiftly” alerted all of the companies it regulates and is offering support and assistance.

“A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” the regulator said.

“We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”

Investigation

The regulator clarified that the data was downloaded from the hacked MOVEit servers and that Ofcom’s own systems were not breached.

Transport for London (TfL) said its data was affected via a contractor who used MOVEit.

It said the IT systems involved have been secured and that the data in question did not include banking details or passenger data.

EY said the vast majority of its systems that used MOVEit were unaffected but that it is “manually and thoroughly investigating systems where data may have been accessed”.

“Our priority is to first communicate to those impacted, as well as the relevant authorities. Our investigation is ongoing,” EY said.

Ransom

British Airways, Aer Lingus, the BBC and Boots said last week that they were affected by the hack as the MOVEit tool is used by their services provider Zellis.

Ryan McConechy, chief technology officer of Barrier Networks, said the attack was likely to go down as “one of this year’s mega cyberattacks” but he said it was unlikely firms would be tempted to pay the Clop gang to keep their data secure, in part because of the wide publicity around the crime.

“Firstly, this would harm their reputations among the wider public for engaging with Russian cybercriminals, while, secondly, the reality is this data is now in the hands of criminals, and whether a ransom is paid or not, there are never any guarantees it will be deleted,” McConechy said.

He said the priority for affected companies is now remediation, including securing their systems and being “extra vigilant” for scams that might be carried out using the stolen data.