Procter & Gamble is the latest big GoAnywhere zero-day victim

Representational image of a cybercriminal
(Image credit: Pixabay)

Procter & Gamble (P&G) is the latest organization to have confirmed having sensitive employee data stolen by the Clop ransomware group. 

The consumer giant has confirmed being breached in a statement given to BleepingComputer, noting, “P&G can confirm that it was one of the many companies affected by Fortra's GoAnywhere incident." 

"As part of this incident, an unauthorized third party obtained some information about P&G employees," Procter & Gamble told the publication.

Long list of victims

While the company does not name Clop as the perpetrators behind this incident, it is quickly becoming well-known that the ransomware gang successfully leveraged a security flaw in Fortra’s secure file-sharing tool and compromised sensitive data belonging to dozens, if not hundreds of firms. 

So far, Clop has added tens of organizations on its data leak site, including Hitachi Energy, Hatch Bank, and Saks Fifth Avenue, and the hackers claim to have compromised 130 organizations - but haven’t listed all of them just yet.

In this particular incident, P&G says payment data was not taken:

"The data that was obtained by the unauthorized party did not include information such as Social Security numbers or national identification numbers, credit card details, or bank account information,” the company said.

"When we learned of this incident in early February, we promptly investigated the nature and scope of the issue, disabled [the] use of the vendor's services, and notified employees."

There is no evidence that Clop stole customer data, P&G also added, and concluded that the company’s business operations are “continuing as normal”.

Some sources claim Clop is a ransomware operator with ties to the Russian Federation. There is no information on the amount of money the group demands in exchange for not publishing the data online.

"We want to inform you that we have stolen important information from your GoAnywhere MFT resource and have attached a full list of files as evidence," the group says in the ransom note, according to the media. 

"We deliberately did not disclose your organization and wanted to negotiate with you and your leadership first. If you ignore us, we will sell your information on the black market and publish it on our blog, which receives 30-50 thousand unique visitors per day."

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.