Swiss health insurer and holiday provider confirm data theft by Russian gangs

The ransomware gang Clop fulfilled their threat: on the leak site of the notorious cybercriminals, numerous names of some well-known companies were praised on Thursday. Among them: the world’s largest mineral oil and natural gas company Shell, but also the Swiss health insurer ÖKK and the holiday park operator Landal, which is also active in this country.

The outflow of data has so far remained limited, according to research by Watson. More casualties are likely to follow.

The history:

Last week, the Russian-speaking gang announced on their dark web leak site that they had massively hacked businesses thanks to a little-known vulnerability in a file transfer tool. The cybercriminals did not name names at the time, but asked those affected who used the associated software tool to contact them by June 14, 2023 at the latest.

Important to know: These are not ransomware attacks where the attackers try to encrypt their victims’ IT systems with malware.

The perpetrators exploited vulnerabilities in the MOVEit Transfer software to secretly steal data from the servers. And now, as part of the “Hack and Leak” attack, they are threatening to publish the data on the dark web.

That says the affected health insurer

watson has on Swiss health insurance company ÖKK early. The Graubünden company confirms a corresponding cyber attack in connection with the file transfer software MOVEit Transfer.

“We are among the presumably many affected. Our core health data system is not affected,” explains Patrick Eisenhut, Head of Communications, ÖKK. Personal data such as first and last name are affected.

“We have taken immediate measures and are working with external partners,” says the ÖKK spokesperson. The cybersecurity specialists have “given all-clear so far” and the affected platform (MOVEit Transfer) has been rebooted.

The partner organizations have already been informed and are currently investigating whether they can inform customers directly.

According to the description on its website, ÖKK is an insurance company with 30 branches operating throughout Switzerland. Customers: Approximately 190,000 individuals and 13,000 companies and public institutions. The annual premium volume is 800 million Swiss francs. ÖKK employs about 490 people and about 15 apprentices.

What does Landal say?

Simone Clemens, media spokeswoman for Landal GreenParks, upon request from watson, confirms that the company uses MOVEit software, which is used worldwide. As reported in the news, cyber criminals have managed to hack into this software.

As a precaution, the Dutch Data Protection Authority and the guests have been informed. In addition, the server in question was immediately shut down and reconfigured “to ensure that unauthorized persons no longer have access”.

The media spokeswoman explains:

How many victims are there in total?

This is unknown. Hundreds of companies and organizations around the world have reportedly used MOVEit Transfer file transfer software.

Clop’s dark web page lists a few new names so far, including:

As the example of ÖKK shows, the question is whether these organizations have suffered major data breaches.

Could there also have been massive data breaches?

“Absolutely,” says Swiss IT security expert Marc Ruef.

Estimating the scope and effects of the Clop massive attack is very difficult. An “exploitation” (taking advantage of the vulnerability) started very early and misled many companies.