State of Missouri issues statement on recent global cyberattack

JEFFERSON CITY, Mo. – The State of Missouri Office of Administration, Information Services and Technology Division (OA-ITSD), is investigating the potential impact to Missouri after a network of cyber criminals launched a global attack on private entities and multiple state governments.

Based upon a release by the Cybersecurity & Infrastructure Security Agency, this cyber-attack is believed to have originated when a ransomware gang exploited a vulnerability in a third-party transfer system called MOVEit.

The State of Missouri quickly identified any associations with the MOVEit system, and the Office of Administration immediately launched a thorough investigation to determine the extent of the cyber-attack and any agencies and vendors potentially impacted. This investigation is ongoing.

Public notice will be made as quickly as possible once entities, individuals, or systems that may have been impacted are identified.

CISA and FBI released a joint Cybersecurity Advisory (CSA), "CL0P Ransomware Gang Exploits MOVEit Vulnerability," in response to a recent vulnerability exploitation attributed to the CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.

The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer. Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.

CISA and FBI encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware.

Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.