Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Procter & Gamble is the latest big GoAnywhere zero-day victim

Representational image of a cybercriminal

Procter & Gamble (P&G) is the latest organization to have confirmed having sensitive employee data stolen by the Clop ransomware group. 

The consumer giant has confirmed being breached in a statement given to BleepingComputer, noting, “P&G can confirm that it was one of the many companies affected by Fortra's GoAnywhere incident." 

"As part of this incident, an unauthorized third party obtained some information about P&G employees," Procter & Gamble told the publication.

Long list of victims

While the company does not name Clop as the perpetrators behind this incident, it is quickly becoming well-known that the ransomware gang successfully leveraged a security flaw in Fortra’s secure file-sharing tool and compromised sensitive data belonging to dozens, if not hundreds of firms. 

So far, Clop has added tens of organizations on its data leak site, including Hitachi Energy, Hatch Bank, and Saks Fifth Avenue, and the hackers claim to have compromised 130 organizations - but haven’t listed all of them just yet.

In this particular incident, P&G says payment data was not taken:

"The data that was obtained by the unauthorized party did not include information such as Social Security numbers or national identification numbers, credit card details, or bank account information,” the company said.

"When we learned of this incident in early February, we promptly investigated the nature and scope of the issue, disabled [the] use of the vendor's services, and notified employees."

There is no evidence that Clop stole customer data, P&G also added, and concluded that the company’s business operations are “continuing as normal”.

Some sources claim Clop is a ransomware operator with ties to the Russian Federation. There is no information on the amount of money the group demands in exchange for not publishing the data online.

"We want to inform you that we have stolen important information from your GoAnywhere MFT resource and have attached a full list of files as evidence," the group says in the ransom note, according to the media. 

"We deliberately did not disclose your organization and wanted to negotiate with you and your leadership first. If you ignore us, we will sell your information on the black market and publish it on our blog, which receives 30-50 thousand unique visitors per day."

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.