Data belonging to a client of recently hacked California-based private cloud solutions company Accellion is being advertised for sale online by cyber-criminals.
On the website Clop Leaks, ransomware gang Clop are claiming to have in their possession an unspecified amount of information belonging to the Steris Corporation. Steris is an American Ireland-registered medical equipment company specializing in sterilization and surgical products for the US healthcare system.
Documents that appear to have been stolen include a confidential report about a phenolic disinfectant comparison study dating from 2018 that bears the signatures of two Steris employees— technical services manager David Shields and quality assurance analyst Jennifer Shultz.
Another document appears to contain the formula for CIP neutralizer, a highly confidential trade secret owned by Steris Corporation.
“Clop is known to use data stolen from one organization to attack (spear phish) others,” Emsisoft’s Brett Callow told Infosecurity Magazine.
“This is why, for example, there was a cluster of cases in Germany. So any organization that has had dealings with one of the compromised entities should be on high alert.”
Steris did not immediately respond to Infosecurity Magazine’s request for comment. Accellion customers have been suffering cyber-attacks since the end of 2020.
Other companies that Clop claim to have stolen data from include Singtel, Jones Day, Inrix, ExecuPharm, Planatol, Software AG, Fugro, Nova Biomedical, Amey Plc, Allstate Peterbilt, Danaher, and the CSA Group.
Asked what advice he would give to companies that discover their data is being hawked online, Callow said: “It really makes no sense for companies to pay to prevent the publication of their data. There have been multiple instances in which threat actors have published or otherwise misused information after their victims have paid the ransom.
“In some cases, actors have even used the same data to attempt to extort companies a second time. And this is really not at all surprising. These groups are untrustworthy bad actors and it would be a mistake to assume that they will abide by their promises.”