Australian casino giant Crown Resorts this week confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack.
The incident occurred in late January, when a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software was exploited to access files belonging to Fortra customers.
The exploitation of the bug – tracked as CVE-2023-0669 and patched in early February– was attributed to a Russian-speaking threat actor associated with the Cl0p ransomware, which recently started adding the names of alleged victims to its Tor-based leak site.
The Cl0p ransomware operators have claimed the theft of data from roughly 130 organizations that used GoAnywhere, with some of them already confirming potential impact, including Community Health Systems, Hitachi Energy, Hatch Bank, Rubrik, Atos, City of Toronto, Procter & Gamble, Pluralsight, Saks Fifth Avenue, UK’s PPF, Virgin Red, and Rio Tinto.
Several of the impacted organizations told SecurityWeek that the stolen data poses no threat to customers or employees.
In a public statement on its website, Crown Resorts this week confirmed that it was a Fortra customer and that the Cl0p ransomware operators contacted it to claim the theft of company data:
“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority.
“We can confirm no customer data has been compromised and our business operations have not been impacted. We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.”
The largest gaming and entertainment group in Australia, Crown Resorts operates large complexes in Melbourne, Perth, and Sydney. It was acquired by US private equity firm Blackstone in 2022.
This week, German insurer giant Munich Re, which was also added to Cl0p’s leak site, stated that the incident only impacted some test files.
“Munich Re currently has no contractual relationship with the company affected. For test purposes, only test files with meaningless content were sent, i.e. containing no business, client or personnel data,” the company said.
Fortra may face a class action suit as a result of the cyberattack, a complaint filed with the US District Court for the District of Minnesota shows. Per the complaint, the company failed to properly secure the MFT service, which led to the January data breach that impacted over 139,000 individuals.
Related: GoAnywhere Zero-Day Attack Hits Major Orgs
Related:ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
Related:14 Million Records Stolen in Data Breach at Latitude Financial Services
Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims