Investissement Québec Hit by Clop Gang as Reports of GoAnywhere Bug Exploits Grow

Clop chief suspect in Rio Tinto hack, Kimsuky uses Chrome extension to steal Gmails, Researchers warned about Pinduoduo weeks before Google banned it, FTC seeks cloud security info, much more

Photo by Lars Kienle on Unsplash

The number of victims affected by a mass-ransomware attack caused by a bug in Fortra’s GoAnywhere file transfer software continues to grow, with Canadian financing giant Investissement Québec confirming that the Clop ransomware gang recently stole some employee personal information.

Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere. It isn’t clear if Fortra, which has not publicly commented on the incident, knows which customers are affected, and their spokespeople have refused to comment.

Details on the GoAnywhere flaw only came to light on February 2 after security reporter Brian Krebs first reported details of the bug, which Fortra had hidden behind a login screen on its website. Fortra released security fixes for GoAnywhere five days later, on February 7.…