Clop ransomware gaining ground, security company Qualys also affected


Qualys, a company specialising in cloud security, appears to be the latest victim of the Clop ransomware gang that has been active recently. Internal Qualys files have appeared on the leak blog run by the hackers behind Clop.

The French website LeMagIT first reported the news. The attackers behind the ransomware stated on their dark-web blog that they had hacked security company Qualys. The attack exploited a vulnerability in Accellion’s FTA (File Transfer Appliance) software, which companies use to send large files over the internet.

Several companies hit

Several companies have already fallen victim to the same campaign. Bleeping Computer lists names such as Transport for NSW, Singtel, Bombardier, Fugro, Jones Day, Danaher and ABS Group. Data was stolen from the companies (in this campaign the attackers did not encrypt systems but used the stolen files for extortion), after which the victims received a message with a .onion link to a page with information about the stolen data. The attackers ask victims to contact them within 24 hours and stress that they are only after money and do not want to cause any further harm.

It is unknown whether Qualys also received such a message, but it is clear that the vulnerability in Accellion FTA was used. According to Bleeping Computer, Qualys operated an FTA device at the hostname fts-na.qualys.com, and the IP address that hostname resolved to belonged to Qualys. The device has since been taken offline, but the damage has been done.

Only isolated server hit

Qualys has responded to the news in a blog post. The company stresses that the hack has no impact on the production environments, codebase or customer data that Qualys manages. Qualys’ platforms continue to operate without interruption. Qualys further writes that the Accellion FTA server was isolated from the rest of the Qualys network.

Accellion is aware of the vulnerability and has since released a patch for its software. Qualys installed that patch, but not before the attackers had already gained access to data on Qualys’ FTA server. Data outside that server was not affected.

SolarWinds

That hackers hit a security company is striking but not unique. A few months ago, security company FireEye fell victim to a hack. Here, too, the entry point was third-party software, namely SolarWinds Orion. In FireEye’s case, however, the investigation of the hack led to the discovery of one of the largest supply-chain attacks in recent history, affecting thousands of companies as well as government organisations.
