This week, Crown Resorts, a major Australian casino company, acknowledged that they were contacted by the Cl0p ransomware group claiming responsibility for the data stolen in the GoAnywhere attack.
The incident occurred in late January, when a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software was exploited to access files belonging to Fortra customers. It was attributed to a Russian-speaking threat actor associated with the Cl0p ransomware, which recently started adding the names of alleged victims to its Tor-based leak site. The ransomware operators have claimed the theft of data from roughly 130 organizations, including Community Health Systems, Hitachi Energy, Hatch Bank, Rubrik, Atos, City of Toronto, Procter & Gamble, Pluralsight, Saks Fifth Avenue, UK’s PPF, Virgin Red, and Rio Tinto.
Several of the impacted organizations told SecurityWeek that the stolen data poses no threat to customers or employees, and Crown Resorts also confirmed that no customer data has been compromised and their business operations have not been impacted.
German insurer giant Munich Re, which was also added to Cl0p’s leak site, stated that the incident only impacted some test files. Fortra may face a class action suit as a result of the cyberattack, a complaint filed with the US District Court for the District of Minnesota shows.
The largest gaming and entertainment group in Australia, Crown Resorts operates large complexes in Melbourne, Perth, and Sydney. It was acquired by US private equity firm Blackstone in 2022.
In conclusion, Australian casino giant Crown Resorts this week confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack. The attack impacted over 130 organizations, including Crown Resorts, however, no customer data was compromised. The ransomware operators added the names of alleged victims to its Tor-based leak site, and Fortra may face a class action suit as a result of the cyberattack.
Key points:
- Crown Resorts this week confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack
- The attack impacted over 130 organizations, including Crown Resorts, however, no customer data was compromised
- The ransomware operators added the names of alleged victims to its Tor-based leak site
- Fortra may face a class action suit as a result of the cyberattack