GoAnywhere Breach Exposes Sensitive Data of Crown Resorts, Rio Tinto
A significant data breach at software company GoAnywhere has left several large Australian entities, including Crown Resorts, vulnerable. The attack, attributed to the notorious ransomware gang Cl0p, has resulted in the theft of sensitive information and ransom demands.
The breach occurred in January 2023, with Cl0p reportedly gaining access to GoAnywhere's MFC platform in late February. Since then, the gang has been leaking stolen data from non-Australian entities on the dark web. Cl0p is known for targeting high-profile organisations and has allegedly extorted over USD500 million from entities worldwide in the last five years.
Crown Resorts was one of the affected Australian entities. The casino operator received a ransomware demand on March 27, with the cybercriminals claiming to have obtained some of Crown's files. However, it's unclear if Crown was aware of the breach before the demand. Other Australian entities affected include Rio Tinto, which confirmed that January 2023 payroll information for a small number of employees was stolen.
European IT giant ATOS also confirmed it lost data in the GoAnywhere breach. Cl0p has targeted around 130 entities worldwide, with some clients only learning of the attack when they received ransom demands. The exact date of the GoAnywhere attack remains unknown, but it was reported on February 2, with Fortra becoming aware on January 30.
The GoAnywhere data breach has highlighted the growing threat of ransomware attacks on large organisations. With Cl0p's history of targeting high-profile entities and extorting significant sums, affected companies are urged to enhance their cybersecurity measures. Investigations are ongoing, and affected entities are working with law enforcement agencies to mitigate the impact of the breach.
