Oil and gas giant Shell has confirmed that it was the victim of a ransomware cyber attack. In addition, a growing number of businesses, universities and government agencies have been targeted in what is believed to be a global cyberattack which western governments and sources have attributed to Russian cybercriminals.
Shell is one of the victims of the recent large-scale ransomware campaign conducted by the Clop gang exploiting a MOVEit zero-day vulnerability.
While the scope of the attacks are not yet fully known, officials at the US Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that “several federal agencies… have experienced intrusions” and suggested a number of businesses could be impacted as well.
“This has the markings of potentially being classified as Geo-Poli-Cyber™ motivated attack despite it being a Financially motivated Ransomware,” said a senior MLi Group Survivability and Security expert and MLI Group will soon publish more details on this matter.
Separately, state agencies said late Thursday that millions of people in Louisiana and Oregon had their data compromised in a security breach. The states did not blame anyone in particular for the hack but federal officials have attributed a broader hacking campaign using the same software vulnerability to a Russian ransomware gang that calls itself Clop.
The company is investigating the security breach and said that at this time the attack had no impact to its core IT systems.
“We are aware of a cyber security incident that has impacted a third-party tool from Progress called MOVEit Transfer, which is used by a small number of Shell employees and customers,” said Shell US spokesperson Anna Arata in a statement. “There is no evidence of impact to Shell’s core IT systems,” Arata added. “Our IT teams are investigating to understand and manage any risks, and take appropriate action, she said.
The Clop ransomware gang claims to have hacked hundreds of companies by exploiting the above issue.
“Nobody knows the full extent of this, and that’s the way these cyber compromises work,” Robert Cattanach, a partner specializing in cybersecurity at the law firm Dorsey & Whitney and a former trial lawyer for the Department of Justice, “Once you’re compromised, there begins an arduous process of ‘how far in did they get in?’ and ‘what did they take?’ That’s typically weeks, and sometimes months.”
More to come. register to stay up to date.