Fall Regulatory Summit

Internal Use Only

MOVEit Transfer Incident: Overview

A zero-day vulnerability associated with Progress Software’s MOVEit Transfer Software was discovered in late May 2023

The vulnerability was exploited by Clop, a Russian ransomware threat actor

Sensitive data, including PII from financial institutions and service providers, was rapidly exfiltrated Data encryption was not used in this attack; instead, Clop utilized extortion techniques to encourage ransom payments More than 1,100 direct and indirect victims have been identified Data for more than 56,000,000 individuals was stolen Clop has published stolen data from most victims using torrent sites Experts estimate Clop will see $75-$100 million in profits