Ofcom falls victim to ransomware cyber-attack

Ofcom’s HQ

UK media and telecoms regulator Ofcom has revealed that data on its employees and those of companies it regulates have been stolen by a cyberattack on the MOVEit managed file transfer service that it has been using.

The large-scale attack on the MOVEit service, operated by Progress Software, affected data held by a high-profile organisations including the BBC.

The Russian-speaking ‘Clop gang’ of hackers, a well-known Ransomware group, were responsible for the cyberattack. The gang have reportedly contacted affected companies to tell them to begin negotiations with it or it will release confidential data on the dark net.

MOVEit is designed to move sensitive files securely.

“Ofcom is one of many organisations affected by the MOVEit cyber-attack. A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” the regulator said.

“The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously. We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues. No Ofcom systems were compromised during the attack.”

Cybersecurity threats are once again on the increase after a decline last year, according to a report by Orange.

According to the latest Orange Cyberdefense report, cyber extortion activity reached the highest volume ever recorded in Q1 of this year after a decline of 8% in 2022.

Businesses in 96 different countries were impacted by cyber extorition in 2022, equating to nearly half (49%) the countries in the world. However, since 2020 Orange Cyberdefense has recorded victims in over 70% of all countries worldwide.