More than 100,000 employees at companies worldwide have been told that their stolen payroll data – including bank details, national insurance numbers and home addresses – will be publicly shared if they fail to email Russia-based hackers Clop Group by June 14.

The Clop Group reportedly found and infiltrated a flaw in the popular business software system MOVEit Transfer. UK-based payroll provider Zellis is one of the MOVEit system’s users – and, by proxy, so are its thousands of global clients.

Zellis has announced that eight of its customers have been impacted, but only six organisations have announced a data breach: the BBC, British Airways, Boots, Aer Lingus, University of Rochester, and the Nova Scotia government.

Cybersecurity analysts at Microsoft had previously identified techniques used as similar to those in previous Clop hacks. The ultimatum, posted on the dark web, confirmed suspicions of the ransomware group’s involvement.

Typically, cybercriminals send ransom demands to hacked organisations by email. Experts have said that this abnormal tactic of coercing victims into making first contact could be because Clop itself cannot keep up with the scale of the hack as it unfolds around the world.

Clop Group is a criminal cybergang, rather than a state organisation. Mainly operating on Russian-speaking forums, Clop offers ransomware tools for external hackers to rent and carry out cyberattacks.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

In 2021, six Clop hackers were arrested in Ukraine. Authorities claimed that the group was responsible for extorting $500m from victims around the world. Clop was also linked with NHS patient data hacks in 2022.

Russia has long been accused of sheltering hackers but repeatedly denies such charges. Suspicions of a state-backed attack have been stirred by Clop’s targeting of the UK’s national airline (BA) and national broadcaster (BBC). Cyberattacks have also been one of the Kremlin’s main weapons of choice during Russia’s invasion of Ukraine.