Shadowy Russian-speaking gang which sparked data scare with huge cyber-attack trends now
Fears are growing that BBC stars whose personal details have been exposed in a massive cyber-attack by a shadowy Russia-linked gang will be held to ransom for millions, MailOnline can exclusively reveal today.
The group of cybercriminals who dub themselves the 'Clop team' has been active since at least 2015 and is thought to be responsible for yesterday's attack which saw more than 100,000 employees from the BBC, British Airways and Boots have their data compromised.
The gang unleashes malware 'hack and leak attacks', extracting employee data from companies before exposing them online.
Criminals will then hold the information at ransom until companies, and sometimes individuals, pay large sums of cryptocurrency, anywhere between hundreds of thousands to tens of millions of pounds, to have it removed.
To date, the seedy gang has been responsible for three major attacks, affecting individuals all over the world, and seeing law enforcement officers from the United Kingdom, United States, South Korea and Ukraine all joining forces to expose the group.
Last year six members of the 'Clop' gang were arrester in Ukraine following a similar attack on South Korean and American organisations
Hackers from the Russian-speaking gang are said to be behind the attack that has affected thousands of staff from the BBC, Boots and British Airways
Between December 2020 and January 2021, the gang infiltrated Accellion File Transfer Appliance which was used by 25 organisations across the globe.
A month later, data extracted from the companies appeared to be dumped online, under the gang's secret website, with victims receiving extortion demands from the group which dubbed itself 'the CLOP ransomware team'.
Earlier this year, the group targeted a similar service called GoAnywhere, with the group claiming it had stolen data from 130 organisations in what is called a 'hack and leak' attack.
In one joint law enforcement operation between Ukraine, the US and UK, Ukrainian police swooped in, seeing six people, believed to be part of the Clop gang, arrested in the Kyiv region.
The hackers had been involved in a ransomware attack on American South Korean companies. Four South Korean companies were attacked with the Clop virus in 2019, with 810 employees computers being blocked.
While in 2021, the gang members carried out an attack, taking personal data and financial reports from Stanford University School of Medicine, University of Maryland and University of California.
In a similar ploy, the groups had demanded a ransom fee for decrypting the data, threatening to publish confidential details if the money was not handed over. The total amount of damages was said to be 500 million dollars.
Now security experts claim the dubious criminals are behind the attack on the Bristol-based payroll provider Zellis, who provides services for the BBC, British Airways and Boots, among five other companies.
Home addresses, bank details and national insurance numbers have all been stolen.
The attack means that the broadcast Corporation's biggest stars, such as Gary Lineker, Naga Munchetty and Amol Rajan, could all see their data being held for ransom by the group.
And this 'won't be the last of these attacks', according to Rafe Pilling, Director of Threat Research, at US cybersecurity firm Secureworks.
According to Mr Pilling the group, believed to be behind the Zellis attack, are 'Russian speaking' and 'most likely distributed across Russia and Commonwealth Independent State' countries, which include Azerbaijan, Belarus and Ukraine.
The cyber attack targeted Zellis, a payroll provider used by hundreds of companies in Britain
