
MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows

Experts believe the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, with the number of confirmed victims approaching 400.

Ransomware recovery company Coveware believes the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, which has impacted hundreds of organizations.

In a ransomware monetization report published on Friday, Coveware said the percentage of victims that paid a ransom in the second quarter of 2023 fell to a record low of 34%. 

The company noted that in attacks that involve only data theft, without the deployment of file-encrypting ransomware, as in the MOVEit hack, the probability of the victim paying a ransom is less than 50%, but the ransom amount has typically been higher.

“While the MOVEit campaign may end up impacting over 1,000 companies directly, and an order of magnitude more indirectly, a very very small percentage of victims bothered trying to negotiate, let alone contemplated paying. Those that did pay, paid substantially more than prior Cl0p campaigns, and several times more than the global Average Ransom Amount of $740,144,” Coveware said.

“It is likely that the Cl0p group may earn $75-100 million dollars just from the MOVEit campaign, with that sum coming from just a small handful of victims that succumbed to very high ransom payments,” it added. 

In the meantime, the Cl0p group has been trying new tactics to get MOVEit victims to pay up, including by setting up dedicated surface web sites for some of the major targets, such as accounting giants EY and PwC.

This tactic, which involves posting some of the stolen data for everyone to see, has been used by other groups as well, such as the Alphv/BlackCat gang.


Anti-malware firm Emsisoft has been tracking the MOVEit hack and it’s currently aware of nearly 400 victims, including organizations that were hit directly and ones that were indirectly impacted. 

For instance, UK-based payroll and HR company Zellis was hit directly and major companies using Zellis services, such as the BBC and British Airways, were impacted indirectly.  

Another example is PBI, which provides research services for the pension, insurance and financial sectors. It appears that several organizations and millions of people had their information compromised through the PBI MOVEit hack, according to data collected by

Based on data from state breach notifications, SEC filings and other public disclosures, Emsisoft believes there are more than 20 million affected individuals. However, Emsisoft’s Brett Callow noted that this number comes from only 66 disclosures, with many victims yet to disclose the number of impacted people.

The MOVEit attack involved exploitation of a zero-day vulnerability that gave cybercriminals access to data transferred by organizations through the managed file transfer solution.

Bitsight reported last week that many organizations quickly addressed the zero-day and other recently discovered MOVEit vulnerabilities, which is not surprising given their notoriety. 


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
