Russian hackers demand ransom from British Airways, the BBC, and Boots

Russian cybercriminals who stole the confidential information of tens of thousands of BBC and British Airways employees have given the companies one week to pay a ransom.

In a warning posted on the Dark Web, the Clop group, whose members are known to speak Russian, instructed the affected businesses to contact them via email by June 14.

Clop claimed responsibility for a cyber security attack on the British payroll outsourcing firm Zellis, which resulted in the theft of personal information from Boots, the BBC, British Airways, and Aer Lingus. The government of Nova Scotia and the University of Rochester were also targeted.

The gangsters demanded that companies affected by the breach contact them or they would release sensitive payroll information to the Dark Web. This is an unusual tactic on the part of the hackers, who would typically contact their victims directly to demand payment.

The warning note, which was posted to the Clop gang’s dark website and viewed by The Telegraph, stated, “This is an announcement to educate corporations that use Progress MOVEit product.

“If we do not hear from you by June 14, 2023, your name will be posted on this page… call today before your company’s name is published on this page.”

There was no mention of the ransom amount. Typically, the gang adjusts its demands based on the size of the affected business, requiring larger payments from larger enterprises.

This week, Zellis announced that eight of its corporate clients were affected by a “global issue” that may have exposed personal information, including names, residential addresses, and banking information.

A spokesman for British Airways stated, “We have notified colleagues whose personal information has been compromised in order to offer support and guidance.”

The company informed all 34,000 of its employees that their personal information may have been compromised.

The payroll company stated that both British Airways and Zellis have reported the incident to the Information Commissioner’s Office (ICO).

A spokesperson for Boots stated, “A global data vulnerability that affected a third-party software used by one of our payroll providers exposed the personal information of some of our team members.

“Our provider assured us that immediate action was taken to disable the server, and we have notified our team members as a top priority.”

In contrast to many recent high-profile cyber assaults, the most recent incident does not involve ransomware, a type of malicious software that encrypts computer files.

Experts from the cyber security firm Secureworks have verified that the Clop attack is a “hack and leak” scheme involving data theft and blackmail.

The breach and ransom demand follow an earlier attack on Royal Mail by a similar Russian-speaking ransomware gang. The company refused to pay the £65 million ransom demand.

Lisa Forte, a partner at Red Goat Cyber Security and a former cybercrime specialist for the police, stated, “This attack may have been perpetrated by another organization, but Boots, BBC, and others will feel its effects.”

“Crisis management teams and executives will seek advice on the ransom demand, and whether they decide to pay or not, they will have to carefully weigh the repercussions of both options.

“Failure to pay will almost certainly result in the release of the data…so the strategy is essential regardless of how they decide to proceed.”

Source: The Telegraph


All content published on the Nogoom Masrya website represents only the opinions of the authors and does not reflect in any way the views of Nogoom Masrya® for Electronic Content Management. The reproduction, publication, distribution, or translation of these materials is permitted, provided that reference is made, under the Creative Commons Attribution 4.0 International License. Copyright © 2009-2024 Nogoom Masrya®, All Rights Reserved.