The Clop ransomware gang has confirmed that they are behind the MOVEit Transfer attacks where they have been exploiting a zero-day vulnerability to breach servers belonging to “hundreds of companies” and steal data. It has been revealed that the gang had started exploiting the vulnerability on Saturday 27th of May 2023, during the US Memorial Day holiday.
At this time, the ransomware gang has confirmed that they have not begun to extort victims. It is believed that they are likely using the time to review exfiltrated data and determine what is valuable and how it could be used to leverage a ransom demand from breached companies. Although, Clop has announced that all affected organizations should reach out and negotiate a ransom if they don’t want their data leaked online on Wednesday 14th of June 2023.