The City of Toronto and Virgin are among dozens of organizations that have been affected by a vulnerability in Fortra’s GoAnywhere file transfer product. The Clop ransomware group has exploited this vulnerability to attack organizations and gain unauthorized access to their data.
The City of Toronto has confirmed that hackers accessed its data through a third-party vendor and that it is investigating the identified files. Virgin has also confirmed that its rewards club, Virgin Red, was hacked through the same vulnerability.
Pluralsight, a learning platform, has also been affected and has discontinued the use of the product.
Clop has added 39 new victims to its leak site, including high-profile companies such as Rio Tinto, Rubrik, Hatch Bank, and a large health provider in the US.
The group has hacked into more than 130 organizations through the GoAnywhere vulnerability. Clop is known for “mass-hacking” multiple organizations by exploiting vulnerabilities in third-party software. This approach distinguishes it from other ransomware operations.
Clop is a ransomware-as-a-service operation, and a number of affiliates use its ransomware in their attacks.
Clop is also known for having links to larger cybercriminal gangs, such as FIN11 and TA505.
It often targets high-profile organizations and has been active since February 2019.
The group used the same tactic in late 2020 and early 2021 to attack over 100 organizations using Accellion’s legacy File Transfer Appliance, exploiting zero-day vulnerabilities and using a new web shell. The City of Toronto suffered a data breach in April 2021 due to the Accellion issue.