© 2024 NPR Illinois
The Capital's Community & News Service

Global ransomware attack hits Illinois

faungg's photos/flickr https://creativecommons.org/licenses/by-nd/2.0/legalcode

The Illinois Department of Innovation & Technology announced it is investigating the impact to Illinois after a network of cyber criminals attacked private companies and governments around the world.

According to the FBI and the federal Cybersecurity & Infrastructure Security Agency, the attack is believed to have originated when the cyber criminals exploited a vulnerability in a widely used third-party file transfer system.

“We all need to be extremely vigilant against cyber attacks – whether we work in the government or private sector,” said Illinois Department of Innovation & Technology Acting Secretary & State CIO Sanjay Gupta. “DoIT’s Infrastructure and Security teams moved quickly to respond to the attack affecting Illinois’ network, evicting the attacker within three hours and verifying that the vulnerability could no longer be exploited in our system. We are working with all relevant authorities and will provide regular updates to the people of Illinois.”

CISA and the FBI released an alert attributing the worldwide attack to the CL0P Ransomware Gang, which exploited a vulnerability in the third-party MOVEit file transfer system.

The site Government Technology reports MOVEit is designed to “secure the transfer of sensitive data,” per the company, and counts both private companies and government agencies around the world among its users.

On May 27, the ransomware group appears to have exploited a zero-day vulnerability in MOVEit. That's according to the Cybersecurity and Infrastructure Security Agency (CISA).

CL0P has also claimed it had accessed data from hundreds of organizations and said it would start leaking the stolen information this month if demands aren't met, according to Cybersecurity Dive.

Within minutes of the attack on May 31, DoIT said it took immediate action, disconnected all associated systems that utilized the third-party software, and engaged its security incident response team to conduct a forensic analysis. In the following days, the worldwide cyber community began to identify the attackers’ “fingerprints,” and state security officials were able to begin mapping the extent of the attack on Illinois’ systems.

DoIT’s investigation is ongoing and the full extent of this incident is still being determined, but DoIT believes a large number of individuals could be impacted.

DoIT is currently advising impacted agencies and said it will issue public notice of the incident as expeditiously as possible once DoIT finalizes a determination of all people impacted. At that time, DoIT will also offer a call center for impacted parties to answer any outstanding questions and provide assistance.

To maintain security, DoIT urges vigilance about potential threats and continues to equip staff with the necessary resources to prevent future attacks.
