With the financial services firm 1st Source Corporation confirming that they were impacted by the MOVEit File Transfer vulnerability exploitation, the number of impacted individuals skyrocketed.
The MOVEit cyber attack count rose from 19,879,769 on July 18 to over 20 million today. The 20 million MOVEit victims were from the 66 disclosures made, besides the 384 organizations that were reportedly affected but have not yet confirmed.
The remaining 384 organizations are yet to state numbers in terms of individuals affected due to the compromise of their data through MOVEit or related third and fourth-party breaches.
Over 20 million MOVEit victims confirmed!
MOVEit toll on individuals was over 19 million when the number of organizations affected was 368. This included 54 government agencies, according to threat analyst Brett Callow. Today, the exact number of individuals affected was 20,421,414.
This included 70 schools, 20 public sectors, and 31 international public sectors to make the number as high as 20 million of MOVEit victims.
The 1st Source Corporation cyber attack through MOVEit allowed hackers to gain access to data belonging to its commercial and individual clients. The bank disclosure as shown in the above screenshot read that the total number of persons affected was 450,000.
Out of the affected persons, 90 were Maine residents. The ransomware attack at 1st Source Bank occurred on June 1, 2023, and was discovered on the same day by the bank.
20 million MOVEit victims, ransom payments and beyond
Cl0p, which aimed to make money out of the MOVEit cyber attack, similar to the Accellion FTA cyber attack and Fortra’s GoAnywhere security breach, may not succeed with companies denying ransom payment.
While companies may succumb to the demands of ransomware groups when they have stolen data from their systems, there are others that are clear about not encouraging cybercriminals.
Ofcom spokesperson told TechCrunch that it has not made ransom payments going by the advice from the National Cyber Security Centre.
Ofcom is the UK’s communications regulator that monitors TV, radio, and video. Ofcom or Office of Communications released a statement confirming being impacted by the MOVEit cyber attack in June 2023.
“A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” the statement by Ofcom stated.
Exploring the Numbers: 20 Million MOVEit Victims and Ransomware Stats
According to a 2022 Statista research, it was found that out of the 71% of organizations that suffered a ransomware attack, nearly 62% paid a ransom. However, not all got their exfiltrated information back.
Of the victims that paid the ransom to hackers, nearly 72% recovered their data. While the remaining could not. This highlights, that not all ransomware groups will legitimately give access to data after receiving a payment.
They may either make a higher demand or not release the data despite having their ransom demands met.
“As new approaches to ransomware like double extortion continue to pay off, attackers are demanding higher ransom payouts than ever before,” a Panda Security report noted. The average ransom demand noticed in the first half of 2021 was about $5.3 million.
While the average ransom payment in the same timeline was nearly $570,000. A sum of $20 billion was lost in 2021 to ransomware, globally.
This amount is expected to reach $265 billion by 2031 making it all the more important to create faster defenses against ransomware and create awareness to decrease human errors leading to cyber attacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
