According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), several U.S. federal government agencies have fallen victim to a global cyberattack that exploits a vulnerability in commonly used software. CISA is working diligently to assess the extent of the impact and facilitate timely remediation measures. No specific agencies are being called out in this attack, but government officials have admitted there are a few in this attack involving MOVEit software.

MOVEit is a file-transfer software developed by Progress Software Corporation. It is widely used by organizations for secure and managed file transfers. It provides a reliable and controlled method of transferring files both within an organization and between different entities. It offers encryption and advanced security features to protect files in transit. Recently, a zero-day vulnerability against MOVEit file transfer software was discovered. Government agencies were ordered to immediately apply the patch released by the developer.

It remains uncertain whether the hackers responsible for breaching these federal agencies are affiliated with the Russian-speaking ransomware group known as Clop, which has claimed responsibility for numerous other victims in their hacking campaigns. Notably, this includes a recent attack against a third-party agency providing human resources services to the British Broadcasting Corporation (BBC) and British Airways.

While several agencies, such as the Transportation Security Administration (TSA) and the State Department, denied being victims of this particular attack, the incident contributes to an increasing number of victims affected by an extensive hacking campaign initiated recently. Other targets have included major U.S. universities, including the University of Georgia system, as well as various state governments.

As with all ransomware attacks, the attackers set a deadline for victims to contact them regarding ransom payment at less than a week from the date of the attack. Per the usual tactics, after the deadline for the payment expires, they claim they will disclose additional alleged victims on their dark web extortion site. And as usual, anyone who receives a ransomware note should not pay the ransom. Criminals in general are not known to stand by their word and it’s likely they will disclose the information whether they get payment or not.

In addition, make regular backups of any important data that may be vulnerable and keep those copies out of reach, meaning off the network. Test them once in a while too, to make sure they are ready to go in case you need them. You’ll be happy if you do.

This latest hacking campaign underscores the widespread impact that a single software vulnerability can have when exploited by skilled criminals. It is crucial to update any outdated software versions on systems and devices. For products that are no longer supported, such as Microsoft Internet Explorer, users should transition to a supported version. Once developers end support for a product, they no longer create patches to address such vulnerabilities.