The City of Toronto has become the latest victim of a cyberattack by the Clop ransomware group, which has been exploiting a vulnerability in a file transfer tool used by many organizations. The city confirmed that some of its data was accessed by unauthorized parties through a third-party vendor on March 20, 2023.
Clop ransomware group is a notorious cybercriminal gang that has been targeting organizations around the world with ransomware attacks, demanding payment in exchange for not leaking or encrypting their data.
The group has been using a zero-day flaw in Fortra’s GoAnywhere secure file transfer solution, which allows remote code execution on servers that have not been patched. According to Clop, they have breached more than 130 organizations using this technique, including Hitachi Energy, Saks Fifth Avenue, Rubrik, Virgin Red, and Pension Protection Fund.
Details shared by the City of Toronto
The City of Toronto said that it is still investigating the impact of the data breach and that it will notify and communicate with any individuals whose information may have been compromised. The city also said that it is committed to protecting the privacy and security of its inhabitants, and that it successfully wards off cyberattacks on a daily basis.
“The City of Toronto is committed to protecting the privacy and security of Torontonians whose information is in its care and control and successfully wards off cyber attacks on a daily basis.”
The data breach in the City of Toronto is another example of how vulnerable organizations are to cyberattacks, especially when they rely on third-party vendors or outdated software. The Clop ransomware group is not the only one exploiting the GoAnywhere vulnerability, as another group called LockBit has also claimed to have hacked the City of Oakland using the same method. Fortra has issued a patch for the vulnerability and urged its customers to update their systems as soon as possible.
Cybersecurity experts recommend that organizations implement best practices to prevent and mitigate ransomware attacks, such as backing up their data regularly, using strong passwords and multi-factor authentication, educating their employees on how to spot phishing emails and malicious links, and keeping their software updated and patched.
Organizations should also have a response plan in case they are hit by a ransomware attack, which includes contacting law enforcement authorities and cybersecurity professionals for assistance.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Hing Keung Lee on Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp