Ransomware hackers accessed systems used by Illinois government agencies for a few hours May 31, according to the Illinois Department of Innovation and Technology, which said Friday it’s not clear what information was accessed or affected but that they expect it to end up affecting a “large number” of people.
Federal authorities have attributed the attack to the CL0P Ransomware Gang, which also went after major companies around the world last month. CL0P hackers gained access to MOVEit software, getting into Illinois’ network for about three hours, officials said.
Sanjay Gupta, Illinois’ chief information officer, said state security teams have verified “that the vulnerability could no longer be exploited in our system.”
Officials haven’t released details on what information could have been vulnerable — or whether a ransom was demanded for the compromised information, as the gang has done in the past.
The BBC, British Airways and Boots — Walgreens’ UK-based retail and health stores — previously told a combined 100,000 employees that payroll data might have been taken in the same attack on MOVEit systems used by their payroll provider.
Considered “one of the largest phishing and malspam distributors worldwide” by the federal Cybersecurity and Infrastructure Security Agency, CL0P has been blamed for compromising more than 8,000 organizations globally since 2019.
The latest attack on MOVEit systems was launched earlier in May and discovered June 2.
A separate attack was conducted by the ransomware group in January, using phishing scams and threats to release information. Ransom notes were sent to “upper-level executives” of companies affected by the scams, with the emails claiming to have stolen “important information” from more than 100 victims, federal officials said.
“If you ignore us, we will sell your information on the black market and publish it on our blog,” the ransom notes threatened.
Hackers have targeted Illinois in the past. Illinois Attorney General Kwame Raoul’s office network was breached in 2021, and Russian hackers went after the state Board of Elections website in 2016.