Cyber Attak
Oil and gas giant, Shell, confirms it was impacted by Clop ransomware attacks.

Oil and gas giant Shell has confirmed that it was impacted by the Clop ransomware attacks. The Clop ransomware gang breached the MOVEit file transfer tool, and Shell was listed as one of the victims on the group's extortion site. This is the second time that Shell has been targeted by the Clop gang through a file transfer service.

Shell, a British oil and gas multinational, employs over 80,000 people globally and reported revenues exceeding $381 billion last year. A spokesperson for Shell stated that the cyber security incident affected a third-party tool called MOVEit Transfer, which is used by a small number of Shell employees and customers.

The spokesperson emphasised that there was no evidence of impact on Shell's core IT systems and that their IT teams were actively investigating the incident. They also clarified that Shell was not engaging in communication with the hackers.

"We are aware of a cyber security incident that has impacted a third-party tool from Progress called MOVEit Transfer which is used by a small number of Shell employees and customers," said a spokesperson from Shell corporation.

The Clop ransomware attacks on MOVEit have affected several organisations in the United Kingdom, including the BBC, British Airways, Aer Lingus, Boots, and Ofcom, the country's communications regulator. While Shell and Ofcom appear to have experienced less significant impact as direct users of the MOVEit tool in limited settings, other companies face potentially greater exposure due to their use of a third-party supplier called Zellis, which utilised the file transfer tool for payroll services.

Ofcom confirmed that a limited amount of information was downloaded in the attack, including confidential data related to the companies it regulates and the personal data of 412 Ofcom employees. Transport for London, responsible for public transport in the capital, also confirmed being impacted by the incident.

They stated that one of their contractors had suffered a data breach, but the issue has been resolved, and the IT systems have been secured. However, the personal data of up to 13,000 drivers on Transport for London's databases was stolen, affecting a contractor operating the city's congestion and parking charges schemes.

Professional services firm EY has also reported being impacted by the Clop attacks. It is unclear whether EY was a Zellis customer or if they used the MOVEit Transfer tool directly. Both the BBC and British Airways confirmed Zellis users, have warned their entire payrolls that their data may have been compromised.

Clop's first attack on Shell occurred in 2021 when the gang targeted Accellion's file transfer appliance, aiming to extort companies by threatening to leak stolen sensitive information. This attack affected over 100 organisations worldwide, including universities in the United States and the Canadian aerospace manufacturer Bombardier. Earlier this year, Clop exploited a vulnerability in Fortra's GoAnywhere file transfer product, allowing them to steal data from more than 130 companies, governments, and organisations.

It is still unknown how many organisations were attacked and penetrated as a result of this. However, the Clop ransomware group has not yet published the entire report.
Despite this, Shell released a statement saying: "There is no evidence of any impact to Shell's core IT systems because the file transfer service is isolated from the rest of Shell's digital infrastructure."

The organisation also stated that they have been collaborating with the cyber security team and authorities to further investigate this event. They are also in contact with the persons who have been affected in order to address the potential risk of this incident.

Progress, the software company behind the MOVEit tool, recently announced a second vulnerability affecting the software. This follows multiple breach announcements resulting from issues with the programme.

As the investigation into the Clop ransomware attacks on MOVEit continues, affected organisations are working diligently to mitigate the impact and secure their systems. Cybersecurity remains a crucial concern for companies across various sectors as they strive to protect their sensitive data from the ever-evolving threat landscape.