Illinois state agencies were targeted in ransomware attack by CL0P hackers

Sanjay Gupta, Illinois’ chief information officer, said state security teams have verified “that the vulnerability could no longer be exploited in our system.”

Officials haven’t released information on what information could have been vulnerable — or whether a ransom was demanded for the compromised information, as the gang has done in the past.

The BBC, British Airways and Boots — Walgreens’ UK-based retail and health stores — previously told a combined 100,000 employees that payroll data might have been taken in the same attack on MOVEit systems used by their payroll provider.

Considered “one of the largest phishing and malspam distributors worldwide” by the federal Cybersecurity and Infrastructure Security Agency, CL0P has been blamed for compromising more than 8,000 organizations globally since 2019. 

The latest attack on MOVEit systems was launched earlier in May and discovered June 2.

A separate attack was conducted by the ransomware group in January, using phishing scams and threats to release information. Ransom notes were sent to “upper-level executives” of companies affected by the scams, with the emails claiming to have stolen “important information” from more than 100 victims, federal officials said.

“If you ignore us, we will sell your information on the black market and publish it on our blog,” the ransom notes threatened.

Hackers have targeted Illinois in the past. Illinois Attorney General Kwame Raoul’s office network was breached in 2021,

And Russian hackers went after the state Board of Elections website in 2016.