Australia’s leading gambling and entertainment enterprise, Crown Resorts, recently confirmed that it has suffered a data breach. This follows an incident in which attackers exploited a zero-day vulnerability to gain access to its GoAnywhere file-sharing server.
Owned by Blackstone, the entertainment giant has a recorded annual revenue that exceeds $8 billion and runs complexes in major cities in Australia like Melbourne, Sydney, and Perth, as well as further afield in London and Macau.
Ransomware operators at work
This devastating data breach was performed by the infamous Clop ransomware gang. In the last year, the cybercriminal outfit has switched up its tactics, moving from encrypting data files to conducting dedicated data extortion attacks.
In February this year, the threat operators claimed to have stolen a massive data haul from 130 organisations during a 10-day attack spree by exploiting a zero-day vulnerability in the secure file-sharing solution GoAnywhere.
Although Crown Resorts has confirmed that it is currently being extorted by the Clop gang (which claims to have exfiltrated data from the company’s networks), it has added that there is no evidence to suggest that the data breach has impacted customers.
An official statement from Crown Resorts explained:
“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority. We can confirm no customer data has been compromised, and our business operations have not been impacted.”
Crown Resorts has also stated that it will continue to work alongside law enforcement agencies on its investigation of the recent security incident and intends to provide updates should new evidence regarding the event surface.
Victims of the GoAnywhere breach
Crown Resorts is just the latest name in a lengthy list of high-profile victims who have confirmed that they have been affected by the GoAnywhere vulnerability. Others include CHS, Rubrik, Hatch Bank, the City of Toronto, Procter & Gamble, Saks Fifth Avenue and Hitachi Energy.
While the Clop ransomware gang is still extorting its victims with threats of releasing the data stolen from their private networks, it has not yet disclosed any files on its dark web leak site.
At the same time, Fortra, the vendor of GoAnywhere, is now facing the possibility of a damaging class action lawsuit in the US. It is accused of failing to implement sufficient cybersecurity measures to safeguard the private data that it stores on its network.
While Fortra has offered the plaintiff (a Hatch Bank customer) a year’s worth of free fraud protection and identity monitoring services, the software vendor’s gesture was dismissed as being insufficient to mitigate what represents a lifetime risk regarding personal data exposure.
The nefarious Clop ransomware gang has a known history of taking advantage of zero-day flaws in software to steal data from firms and perform large-scale extortion.
Back in December 2020, it abused a zero-day flaw discovered in Accellion FTA to harm more than a hundred enterprises, including Kroger, Shell, Qualys, and multiple universities, demanding $10 million as payment for non-disclosure.