Procter & Gamble is the latest big GoAnywhere zero-day victim
Procter & Gamble (P&G) is the latest organization to confirm sensitive employee data was stolen by the Clop ransomware group.
The consumer giant confirmed that it had been hit in a statement to BleepingComputer, noting, “P&G can confirm that it was one of the many companies affected by the Fortra’s GoAnywhere incident.”
“As part of this incident, an unauthorized third party obtained some information about P&G employees,” Procter & Gamble told the publication.
Long list of victims
Although the company does not name Clop as the culprit behind this incident, it was quickly revealed that the ransomware gang successfully exploited a security flaw in Fortra’s secure file-sharing tool, putting sensitive data of dozens, if not hundreds, of companies at risk.
So far, Clop has added dozens of organizations to its data leak site, including Hitachi Energy, Hatch Bank, and Saks Fifth Avenue, and the hackers claim to have compromised 130 organizations — but haven’t listed them all yet.
In this particular incident, P&G says payment details were not captured:
“The data obtained from the unauthorized party did not include information such as social security numbers or national identification numbers, credit card details, or bank account information,” the company said.
“When we learned of this incident in early February, we immediately investigated the nature and scope of the problem, disabled [the] use of provider’s services and notified employees.”
There is no evidence that Clop stole customer data, P&G added, concluding that the company’s business operations are “continuing as usual”.
Some sources claim that Clop is a ransomware operator with ties to the Russian Federation. There is no information on how much money the group is demanding in exchange for not publishing the data online.
“We would like to inform you that we have stolen vital information from your GoAnywhere MFT resource and have included a complete list of files as evidence,” the ransom note reads, according to the media.
“We deliberately did not disclose your organization and wanted to negotiate with you and your leadership first. If you ignore us, we’ll sell your information on the black market and post it on our blog, which gets 30-50,000 unique visitors a day.”
Via: BleepingComputer