Encircle News!

Retro Game Arcade
, , , , ,

New victims come forward after mass-ransomware attack

Zack Whittaker

The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked.

Canadian financing giant Investissement Québec confirmed to TechCrunch that “some employee personal information” was recently stolen by a ransomware group that claimed to have breached dozens of other companies. Spokesperson Isabelle Fontaine said the incident occurred at Fortra, previously known as HelpSystems, which develops the vulnerable GoAnywhere file transfer tool.

Hitachi Energy also confirmed this week that some of its employee data had been stolen in a similar incident involving its GoAnywhere system, but saying the incident happened at Fortra.

Over the past few days, the Russia-linked Clop gang has added several other organizations to its dark web leak site, which it uses to extort companies further by threatening to publish the stolen files unless a financial ransom demand is paid.

TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward.

However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

‘130 organizations’

Since the attack in late January or early February — the exact date is not known — Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization’s network that allows companies to securely transfer huge sets of data and other large files.

It isn’t clear if Fortra, which has not publicly commented on the incident, knows yet which customers are affected. When reached by email prior to publication, Fortra spokespeople Mike Devine and Rachel Woodford would not comment or provide answers to any of our questions, including whether Fortra’s in-house GoAnywhere systems hosting customers’ data were also hit by the mass-hack.

Details only came to light on February 2 after independent security reporter Brian Krebs first reported details of the bug, which Fortra had hidden behind a login screen on its website. Fortra released security fixes for GoAnywhere five days later on February 7.

By then, the hackers had already stolen reams of data from numerous victims.

Healthcare giant Community Health Systems, one of the largest healthcare providers in the United States, was first to confirm that it was one of the 130 alleged companies fallen victim to the hack, saying at least one million patients had their health information stolen from its affected GoAnywhere system. Digital finance giant Hatch Bank was next to confirm a breach linked to the GoAnywhere bug, then cybersecurity giant Rubrik. The list continues to grow.

Listed companies deny data thefts

It’s not clear if Clop yet knows what data it has stolen in its digital smash-and-grab. TechCrunch contacted some of the organizations known to use GoAnywhere that were recently added to Clop’s leak site. Several responded saying that they were unaffected.

Payment software startup AvidXchange, one of Clop’s latest additions, told TechCrunch that while it uses GoAnywhere to transfer files to a specific company that prints its checks, the company does not store any data on Fortra’s platform.

“Our forensics further prove our conclusion on this matter,” said AvidXchange spokesperson Olivia Sorrells. “Fortra notified AvidXchange of the vulnerability, remediation, and the results of their investigation regarding AvidXchange’s GoAnywhere account the week that the [vulnerability] was announced,” the spokesperson said. “GoAnywhere took AvidXchange’s instance offline once GoAnywhere became aware of the incident to further prevent unauthorized access to the platform.”

Clop’s leak site says that data from AvidXchange is “coming soon.”

Department store giant Saks Fifth Avenue, which was added to Clop’s leak site this week, tells TechCrunch that the hackers exploited the GoAnywhere flaw to steal mock customer data from its systems. “The mock customer data does not include real customer or payment card information and is solely used to simulate customer orders for testing purposes,” said Saks spokesperson Nicola Schoenberg.

A number of other organizations recently added to Clop’s site declined to comment when asked if their GoAnywhere systems — most believed to be hosted by Fortra — were affected.

That includes Swiss pharmaceutical giant Galderma, whose spokesperson Christian Marcoux declined to answer our questions; healthcare call center provider ITx Companies, whose CEO Philip Gower declined to comment; child mental health startup Brightline, whose CEO Naomi Allen deferred to spokesperson John O’Connor, who declined to comment; events planner Emerald Expositions, whose spokesperson Beth Cowperthwaite declined to comment; and MedMinder, whose spokesperson Stacy Clougherty said MedMinder is “aware of the allegations” but declined to comment further while the company investigates.

None of the companies disputed that they are GoAnywhere customers.

Clop has released samples of data allegedly stolen from Onex, seen by TechCrunch, including W-9 tax forms, payment orders, and employee information, including names, gender, and email addresses. Onex did not return requests for comment.

One of the organizations identified by TechCrunch as a GoAnywhere customers but not yet listed by Clop is the City of Toronto, which said it was unaffected by the mass-hack. “The City and Fortra have conducted a review and determined that there has been no exfiltration of internal data, nor residents’ data,” said city spokesperson Ashika Theyyil.

Other identified GoAnywhere users did not respond to multiple requests for comment, including Canadian rehab and mental health provider Homewood Health; England-based affordable housing provider Guinness Partnership; retail banking company Avidia Bank; Medex Healthcare; Cornerstone Home Lending, and Colombian energy giant Grupo Vanti.

Lorenzo Franceschi-Bicchierai contributed.

If you know more about the Fortra bug or breach, you can contact Carly Page securely on Signal at +441536 853968, or by email. You can also contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849 or zack.whittaker@techcrunch.com. You can also contact TechCrunch via SecureDrop.

New victims come forward after mass-ransomware attack by Zack Whittaker originally published on TechCrunch

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

Follow Us

Featured Posts

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI