Maine Hit by MOVEit Supply Chain Attack – Week 12

On November 9th, APNews reported that Maine has informed resident-users that a MOVEit attack caused a breach. In October, 9to5mac.com wrote about a MOVEit 0day that was making inroads.

Ransomware operators now use a double-extortion method to get victims to pay their ransoms. Normally, a company or organization might be able to restore from a backup and thereby avoid paying the ransom demanded to restore its services; however, ransomware operators now add the threat of releasing the victim's information if that ransom hasn’t been paid.

In 9to5Mac’s 2023 State of Ransomware, the USA is considered the top target for ransomware. It is 7x more likely to be targeted with ransomware than the next highest countries. Here’s Malwarebytes’ assessment of why CL0P is outpacing LockBit:

The drive behind the sudden change? CL0P used separate zero-days in GoAnywhere MFT and MOVEit Transfer to gain an edge. This gave them the ability to launch an unprecedented number of attacks within a short time frame and across a massive scale.

The use of zero-day vulnerabilities by ransomware groups like CL0P may trigger a significant shift in ransomware strategies, mirroring the adoption of the “double extortion” tactic in 2019.

Malwarebytes, https://9to5mac.com/2023/08/04/us-number-one-for-ransomware-attacks/

Unfortunately, I don’t foresee any of this easing up. With ransomware crews achieving successes, they’ll probably continue with this activity. In some areas online, I’m starting to hear that the best recommendation (due to these breaches of information) is to freeze your credit and thaw it temporarily when shopping. Why is this becoming a common recommendation? With so many breaches, it’s more probable that your information is available. It might also be helpful if the government would implement some protections with teeth to increase the deterrence.