As reported by security research firms Emsisoft and Resecurity, as many as 1,000 organizations and 60 million individuals have been affected by the recent ransomware campaign targeting a SQL injection vulnerability (CVE-2023-34362) in the MOVEit Transfer web application. An attacker can exploit the vulnerability to access file transfers without authentication.

Emsisoft and Resecurity estimate that more than 80% of impacted organizations are in the United States. The targets span both the public and private sectors and include:
- PBI
- Maximus
- Pôle Emploi
- Louisiana Office of Motor Vehicles
- Colorado Department of Health Care Policy and Financing
- Oregon Department of Transportation
- Teachers Insurance and Annuity Association of America
- Genworth
- PH Tech
- Milliman Solutions
- Wilton Reassurance Company
- UCLA
- Siemens Energy
- Cognizant
- Norton LifeLock
- Netscout

CL0P, the Russian-speaking cybercrime group responsible for the ransomware campaign, leaked nearly 1 TB of stolen information online on August 14 and 15. The group is anticipated to net as much as $100 million in ransom payouts.

Progress Software, the creator of MOVEit, originally issued an advisory and patch for the vulnerability on May 31st. Progress released patches for two additional critical vulnerabilities (CVE-2023-35036 and CVE-2023-35708) in June.