MOVEit Vulnerability: What to Know and What to Do
Client Alert | 2 min read | 06.07.23
A new Cybersecurity & Infrastructure Security Agency (CISA) alert advises that, starting in late May, a well-known ransomware group called Clop compromised a widely used managed file transfer (MFT) platform called MOVEit Transfer, reportedly impacting hundreds of companies globally.
MFT platforms are used to securely transfer files between parties, and Clop reportedly compromised MOVEit Transfer using a previously unknown (zero-day) vulnerability that allowed attackers to steal files from MOVEit’s underlying database. This vulnerability is now tracked as CVE-2023-34362.
Clop has previously targeted MFT platforms such as Accellion and has shown that it is prepared to follow through on threatened next steps. In this case, Clop is threatening to identify victim companies on the Clop site as soon as June 14 and then, if a ransom is not paid, publish victims’ stolen data. In prior attacks, Clop has also reportedly contacted victim companies directly with ransom demands, sometimes weeks or more after the attack. We do not recommend that victims contact threat actors like Clop directly but instead work with experts to do so safely, if necessary.
Organizations that may be victims of this attack should consider the following steps:
- Organizations that used the MOVEit Transfer platform with its web interface exposed to the internet should consider initiating a privileged investigation to determine if they were impacted by this attack.
- Organizations with vulnerable MOVEit Transfer systems should consider reviewing available guidance and patching information from Progress Software, the maker of MOVEit Transfer, and be vigilant for additional attempts at exploitation and data theft, as well as other attacks targeting these systems (e.g., the deployment of ransomware encryptors). Progress Software, the maker of MOVEit, has provided information about the vulnerability, patching and recommended mitigation here: https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability.
- If your organization was impacted, assess the attacker’s level of access and what data was compromised.
- Based on the data compromised, determine your organization’s notification requirements under applicable laws, regulations, and contracts.
- Organizations should also consider reviewing their supply chains and other counterparties to determine if their data may have been exposed through third parties’ use of the MOVEit Transfer platform.
Crowell & Moring attorneys are monitoring developments and stand ready to support affected businesses.
Contacts
Counsel
She/Her/Hers
Insights
Client Alert | 4 min read | 04.14.25
Foreign Corrupt Practices Act (“FCPA”) enforcement has been fairly predictable for many years as the Fraud Section of the Department of Justice (“DOJ”) has maintained exclusive authority over investigating claims and bringing enforcement actions in federal courts across the country. President Trump’s recent pause on FCPA enforcement, the first of its kind since the statute was passed in 1977, has created significant uncertainty for individuals and businesses operating internationally regarding the future of FCPA enforcement. While DOJ is in the process of assessing what the future of FCPA enforcement, state attorneys general are stepping in. On April 2, California Attorney General Rob Bonta issued a Legal Advisory (the “Advisory) to California businesses explaining that violations of the FCPA are actionable under California’s Unfair Competition Law (UCL). The announcement signals a shift in FCPA enforcement where states may take the lead and pursue FCPA enforcement through their state unfair competition laws.
Client Alert | 4 min read | 04.10.25
Hikma and Amici Curiae Ask Supreme Court to Revisit Induced Infringement by Generic “Skinny Labels”
Client Alert | 1 min read | 04.09.25
Client Alert | 12 min read | 04.09.25
