Cyber criminals are continuing to exploit a vulnerability in Progress Software’s MOVEit file transfer app, which is used by many thousands of organisations around the world, including IT services firms and managed service providers.
Organisations worldwide whose supply chains use the MOVEit app have suffered a data breach as a result, with customer and/or employee data regularly being stolen.
Over 2,600 organisations and over 77m people have been hit by the hacking of the file transfer service since May this year, according to cyber security vendor Emsisoft, with cyber security firms themselves also affected – like 3m of Avast’s customers.
Corporates affected include British Airways, Maximus, Alogent, Welltok, US Department of Energy, Shell Oil, State of Maine and Genworth. Earlier this week, US car parts firm AutoZone publicly declared it had been a victim of an attack.
With the attacks spreading, there has been an increase in spending on ransomware protection and other cyber security systems, according to a snapshot survey of UK firms commissioned by Veeam Software.
The survey questioned 100 directors of UK companies with over 500 employees, and almost a quarter (24%) reported they were “significantly more anxious” about ransomware attacks as a direct result of the MOVEit breach, while two-thirds (66%) said they were “slightly more anxious”.
As a direct result of MOVEit, 42% of businesses in the survey have invested in backup and recovery, and 29% have optimised their existing strategy to ensure they have accurate and easily recoverable data to fall back on in the event of a compromise.
In addition, 41% have increased their spend on wider cyber security solutions, and 31% took out a cyber insurance policy.
Dan Middleton, vice president UK&I at Veeam, said: “MOVEit cyber-attacks have changed the discourse around ransomware and thrust the issue front and centre into the public domain. While it has sadly become an inevitability for businesses, protection is possible.
“Businesses need to achieve ‘radical resilience’ against ransomware by developing a data protection and ransomware recovery strategy that goes beyond the basics.”