Cybersecurity advisory

CISA, FBI: Ransomware Gang Exploiting Managed File Transfer Solution Vulnerability to Steal Data

The Cybersecurity and Infrastructure Security Agency and the FBI have warned that the CL0P ransomware gang is exploiting a structured query language injection vulnerability in Progress Software’s MOVEit Transfer online applications.

CISA and the FBI published a joint cybersecurity advisory to inform organizations about CL0P’s tactics, techniques and procedures and indicators of compromise to help them defend against ransomware.

Exploiting the vulnerability enables CL0P to infect the managed file transfer solution’s web applications with malware to breach underlying databases and steal data, CISA said.

According to cybersecurity firm Mandiant, the ransomware gang, also known as TA505, began exploiting the vulnerability on May 27, the U.S. Memorial Day. Over 1,700 software companies and 3.5 million users worldwide rely on MOVEit for file transfers.

Conducting ransomware operations during holidays is among CL0P’s tactics. In December 2020, the gang exploited an Accellion File Transfer Appliance vulnerability to steal data.

CISA and the FBI provided recommendations to mitigate cyber threats from CL0P ransomware, including identifying authorized and unauthorized devices and software, establishing a software allow list that only executes legitimate applications, and activating security configurations on network infrastructure devices.