CISA, FBI warn health systems and others of Clop MFT ransomware tactics

The Clop Ransomware Gang, also known as TA505, has been exploiting a vulnerability in Progress Software’s managed file transfer tool, MOVEit Transfer. Progress Software has issued guidance on affected versions and recommendations for mitigation. The ransomware gang is using a web shell called LEMURLOOT to target the tool. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities Catalog and is urging IT network defenders to review the advisory and implement the recommended mitigations. Clop is giving organizations until June 14 to negotiate payment or face data leaks.