When the cry Ransomware (opens in a new tab) It was first revealed that they abused a vulnerability in GoAnwyhwere and stole data from 130 companies, but not many people believed them. Especially since at the time, the team only added details from one victim – Health Systems – to its data leak website.
However, as the days go by and Clop continues to add more and more victim companies to its website, it’s possible the team was telling the truth from the start. That still doesn’t mean the number is correct.
The latest victim is Canadian financial giant Investissement Quebec. Earlier this week, the company confirmed to TechCrunch that “some employee personal information” was taken by the group after abusing the GoAnywhere vulnerability.
Dozens of victims
Previously, we had dozens of companies added to the leaked site, which were later confirmed to have been compromised: Hitachy Energy, Hatch Bank, Rubrik, AvicXchange, Saks Fifth Avenue, Galderma, ITx Companies, Brightline , Emerald Expositions, MedMinder, Onex, City of Toronto (supposedly, but unconfirmed), Homewood Health, Guinness Partnership, Avidia Bank, Medex Healthcare, Cornerstone Home Lending, and Grupo Vanti, to name just a few of them .
TechCrunch says that the group has so far added about half of the 130 companies allegedly affected. But that still doesn’t mean the data was stolen or that it’s valid. For instance, payments software startup AvidXchange told the media that although it’s listed on Clop’s website (as “coming soon”), it doesn’t store any data on it. Fortra.
Saks Fifth Avenue said the group only stole “fake data” – placeholder data used by different parts of the company for training and analysis. Saks spokeswoman Nicola Schoenberg said: “The fake customer data does not include real customer or payment card information and is only used to simulate customer orders for testing purposes. .
Even if the final number is smaller than what Clop originally stated, it will most likely still be more than people initially thought.
Through: TechCrunch (opens in a new tab)
