Pharmacy chain Boots, Nova Scotia’s government and at least two airlines are reportedly victims of an ongoing cyberattack.
According to published reports Monday (June 5), Boots, British Airways and the BBC have all informed employees that their information may have been compromised during a hack of payroll provider Zellis.
Nova Scotia’s government was also apparently victimized in a related hack. Also impacted was Irish airline Aer Lingus.
The hacks reportedly made use of the same vulnerability in the file transfer product, MOVEit, developed by Progress Software Corp.
Last week, Progress Software announced the vulnerability, warning that it could lead to potential unauthorized access into users’ systems.
“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” MOVEit spokesperson John Eddy said in a statement.
A report last week by TechCrunch said that the vulnerability also affects customers who rely on MOVEit’s cloud platform, which includes the U.S. Department of Homeland Security and a number of big banks.
While no ransom demands have been made, experts expect cyber criminals will begin contacting affected companies with this demand: pay us, or we’ll publish your stolen data.
“We’re expecting the extortion communications to start anytime within the next four weeks or so,” Charles Carmakal, chief technology officer at cybersecurity firm Mandiant, told Bloomberg News. “There is a lot of data that the threat actor has to sort through. When the extortion starts, it will probably carry on for a few months.”
In a report published in January, Chainalysis said that ransomware attackers extorted at least $456.8 million from victims in 2022, compared to $765.6 million in 2021.
And while Chainalysis acknowledged that the actual figure is likely to be much higher than its data suggests, the general trend is clear: ransomware payments have come down. In fact, the findings indicate that in 2022, after several years of decline, just 41% of ransomware victims paid out, compared to 76% in 2019.
This year also saw a hacking collective called the “Nevada Group” carry out one of the largest-ever ransomware attacks, with the hackers exploiting a vulnerability found in cloud servers.
“The scale of this campaign is one of the biggest we have seen, (and since it is ongoing), the real problem is that veteran groups see the potential damage they can do,” Shmuel Gihon, security researcher at Israel’s CyberInt, told the Financial Times in February.