The Clop ransomware group has begun targeting CentreStack, an online service used by several organisations for file sharing. If your organisation uses CentreStack, this article matters to you.
What's Happening?
Clop is finding CentreStack servers that are exposed on the Internet. After gaining access to these servers, the group posts ransom notes demanding payment in exchange for not leaking the files stored on them. The exact method Clop uses to access these servers has not yet been determined: it may be a new vulnerability in the CentreStack software, or the servers may not have been updated with the latest security patches. In either case, servers that are not kept updated are highly exposed.
Why CentreStack?
CentreStack lets organisations share files stored on their own servers remotely, through an online service reachable from mobile devices or computers, without requiring a virtual private network. While CentreStack is simple to use, it also has inherent risks, and Clop has identified more than 200 exposed servers within its reach.
Clop's Past
Clop has a history of attacking other file-sharing platforms, including Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer, then stealing sensitive data and publishing it online. The group has even exploited a vulnerability in Oracle software to hit major corporations such as Harvard, The Washington Post and Logitech.
What to Do
If your company uses CentreStack, you must immediately patch/update your CentreStack server and ensure that it is not accessible from the Internet. Because the Clop hacking group targets all businesses, the repercussions of being attacked by them could be extremely serious. So, next time you share a file, think: is it safe? With Clop on the prowl, it's smart to protect your data before it's too late.