The GoAnywhere breach that occurred in March has potentially impacted 130 companies globally. In Australia major organizations like Rio Tinto, Crown Resorts, Meriton have been impacted; overseas and the list of victims continues to grow, with the Fintech company Hatch Bank and in Japan Hitachi Energy have also impacted . The cyber attack was carried out by a group known as Clop ransomware, which conducted the attack over a 10-day period, starting on January 30.
Background on the GoAnywhere Breach
GoAnywhere is a managed file transfer (MFT) solution that helps organizations securely exchange sensitive data with external partners. The platform's wide adoption by companies across various industries has made it an attractive target for cybercriminals.
The Clop ransomware group is known for its targeted attacks on high-profile companies, seeking to extort them for financial gain. This group has a history of stealing sensitive data and threatening to release it publicly unless a ransom is paid.
The Tasmanian government - one of many institutions impacted globally
At a press conference on Monday, Science and Technology Minister Madeleine Ogilvie said it appeared no government-held data had been compromised in the hack of a file sharing site, by the ransomware group Cl0p.
The government of Tasmania is looking into claims that it was attacked by the Clop ransomware group, which has spent weeks exploiting a vulnerability in a popular file sharing tool.
But on Wednesday, Ms Ogilvie said the investigations had found there was a risk financial data, held by the Department for Education, Children and Young People, had been accessed — but added there was "no confirmation such information has been stolen" and reiterated "no Tasmanian government IT systems have been hacked".
Dozens of governments, businesses and schools – from the City of Toronto to Virgin and Hitachi – have come forward to say data was stolen through a bug affecting Fortra’s GoAnywhere file transfer product. In February, Clop claimed it had attacked more than 130 organizations and it has slowly been adding names to its list of victims since then.
On Friday, Clop addedTasmania, an island state in Australia, to its list alongside several more companies and the U.K. Pension Protection Fund.
Fintech banking platform Hatch Bank has also reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. Also Consumer goods giant Procter & Gamble
In the U.S Hatch Bank is a financial technology firm allowing small businesses to access bank services from other financial institutions.Consumer goods giant Procter & Gamble
In Japan, Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnyway zero-day vulnerability.
Timeline and Impact of the Breach
The attack began on January 30 and continued for ten days, affecting a potential 130 companies, including Rio Tinto, Crown Resorts, and Meriton. The breach exposed sensitive data and disrupted business operations for these organizations. The exact extent of the damage and the specific datacompromised are still being assessed, but the incident has raised concerns over the security of third-party services and the need for organizations to bolster their cybersecurity defences.
Response from Fortra
Fortra, the company behind GoAnywhere, has faced backlash for its response to the fiasco. Several customers told TechCrunch last week that the company told them their data was safe when it was not.
When asked for a response to the most recent claims, Fortra said it would not comment on specific customers but listed off several actions it has taken to address the issue.
Fortra spokesperson Rachel Woodford would not comment but did not dispute what the two organizations had told us or that Fortra had told customers their data was safe. Fortra did not make CISO Chris Reffkin available for an interview.
In response to the breach, Fortra, the company that owns the GoAnywhere platform, claims it has implemented several measures to prevent the attack from escalating further. The organisation claims that immediate steps were used to isolate the affected systems with containment and security patching was implemented.
However the Fortra has received harsh criticism of the level of transparency in its communication with affected clients, not providing regular updates on the situation and the steps taken to mitigate the risks.
Lessons Learned and Recommendations
The GoAnywhere breach highlights the growing threat landscape faced by organizations and the importance of robust cybersecurity measures. Companies should consider the following recommendations to protect their digital assets with constant and regular assessments and update security protocols and ensure open dialogue with software vendors with regular software version updates.