Procter & Gamble is the latest big GoAnywhere zero-day victim

The company confirmed the attack to the media

Procter & Gamble (P&G) is the latest organization to have confirmed having sensitive employee data stolen by the Clop ransomware group.

The consumer giant has confirmed being breached in a statement given to BleepingComputer, noting, “P&G can confirm that it was one of the many companies affected by Fortra’s GoAnywhere incident.”

“As part of this incident, an unauthorized third party obtained some information about P&G employees,” Procter & Gamble told the publication.

Long list of victims

While the company does not name Clop as the perpetrators behind this incident, it is quickly becoming well-known that the ransomware gang successfully leveraged a security flaw in Fortra’s secure file-sharing tool and compromised sensitive data belonging to dozens, if not hundreds of firms.

So far, Clop has added tens of organizations to its data leak site, including Hitachi Energy, Hatch Bank, and Saks Fifth Avenue, and the hackers claim to have compromised 130 organizations - but haven’t listed all of them just yet.

In this particular incident, P&G says payment data was not taken:

“The data that was obtained by the unauthorized party did not include information such as Social Security numbers or national identification numbers, credit card details, or bank account information,” the company said.

“When we learned of this incident in early February, we promptly investigated the nature and scope of the issue, disabled [the] use of the vendor’s services, and notified employees.”

There is no evidence that Clop stole customer data, P&G also added, and concluded that the company’s business operations are “continuing as normal”.

Some sources claim Clop is a ransomware operator with ties to the Russian Federation. There is no information on the amount of money the group demands in exchange for not publishing the data online.

“We want to inform you that we have stolen important information from your GoAnywhere MFT resource and have attached a full list of files as evidence,” the group says in the ransom note, according to the media.

“We deliberately did not disclose your organization and wanted to negotiate with you and your leadership first. If you ignore us, we will sell your information on the black market and publish it on our blog, which receives 30-50 thousand unique visitors per day.”

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
