Clop Ransomware Attacks: How Should CIOs Respond?
A ransomware group targeted file-transfer software called GoAnywhere. Here are some tips for IT leaders on how to root out these types of cyber threats.
A series of cyber attacks by a ransomware group called Clop has affected a number of industries from household goods to healthcare.
The group targeted a zero-day vulnerability in Fortra’s GoAnywhere MFT file-transfer tool, which lets companies securely exchange files. Fortra released a patch on Feb. 7. More than 3,000 organizations use GoAnywhere, according to Fortra.
Procter & Gamble reported that hackers used a vulnerability in GoAnywhere MFT to steal employee information. Meanwhile, Hatch Bank reported unauthorized access to GoAnywhere from Jan. 30-31, according to The Washington Post. Other organizations affected include Community Health Systems, Hitachi Energy, data security company Rubrik, and Saks Fifth Avenue.
Clop, which first surfaced in February 2019, claims to have 130 victims, according to BleepingComputer. The National Institute of Standards and Technology identifies the GoAnywhere vulnerability as CVE-2023-0669.
Cybersecurity journalist Brian Krebs broke the news of the Clop attacks.
Ransomware is a key concern for organizations, according to the Enterprise Strategy Group research report “The Long Road Ahead to Ransomware Preparedness.” In fact, 79% of organizations reported ransomware preparedness as one of the top five business priorities for their executive team and/or board of directors, the ESG report revealed.
Here are some key takeaways on the Clop attacks and tips on how CIOs should respond to these types of ransomware threats.
Check for GoAnywhere Usage
IT leaders should check if the GoAnywhere file-transfer tool is in use, and if so, remove or upgrade it, says Ian McShane, vice president of strategy at cybersecurity company Arctic Wolf Networks.
“If they haven’t been ransomed yet, look for indicators of compromise, change all passwords and especially those that have administrative or elevated privileges,” McShane says.
Users should also apply the latest patch from Fortra.
“You really don't have an excuse for getting hit after the fix comes out, other than you just didn't apply it,” says Mac McMillan, founder of cybersecurity firm CynergisTek.
Prepare for a Resurgence
Threats from ransomware groups like Clop do not go away, McMillan warns.
“I think that's the first lesson for CIOs; what I call professional organized crime hackers just don't go away,” McMillan says. “They come back. It’s like other types of organized crime. You might cut off the head of the snake here, but it pops up somewhere else.”
So what should CIOs do? Concentrate on managing your environment and determine your level of preparedness for detecting and responding to cyber threats when they occur, McMillan says.
Know How to Speak to End Users
A key strategy for responding to ransomware attacks like the GoAnywhere incident is communicating with end users about how to report suspicious incidents when they see them. That involves a well-documented response plan, McShane says.