\n<\/p>\n
Software maker Fortra told its corporate customers that their data was safe \u2014 even when it wasn\u2019t \u2014 following a ransomware attack on its systems, TechCrunch has learned.<\/p>\n
As we have been reporting<\/a>, the Clop ransomware gang exploited a newly discovered bug in Fortra\u2019s GoAnywhere file transfer software, used by thousands of organizations to transfer sensitive data over the internet. The bug allowed the ransomware gang to hack in and carry out a mass ransomware attack<\/a> on January 31. The Russia-linked Clop gang claimed it compromised about 130 organizations who were using the vulnerable GoAnywhere tool at the time of the ransomware attack.<\/p>\n Now, new victims are coming to light.<\/p>\n Consumer goods giant Procter & Gamble confirmed to TechCrunch that it was \u201cone of the many companies affected by Fortra\u2019s GoAnywhere incident\u201d and that hackers had obtained some information of its employees as a result. Healthcare and wellness program provider US Wellness<\/a> also disclosed this week that consumers\u2019 personal and protected health data may have been compromised because of a third-party breach. TechCrunch has learned that US Wellness was a GoAnywhere customer at the time of the ransomware attack.<\/p>\n As the number of victims grows, more details are also beginning to come to light about how Fortra handled the incident.<\/p>\n TechCrunch has heard from two victim organizations that only learned that data had been exfiltrated from their GoAnywhere systems after they each received a ransom demand. Both organizations had been previously told by Fortra that their data was unaffected by the ransomware attack.<\/p>\n One of the organizations told TechCrunch that they realized the situation had changed when it was contacted by the purported hackers, but said that the organization has not entered into any negotiations or paid a ransom demand.<\/p>\n When asked about this by email, Fortra spokesperson Rachel Woodford would not comment but did not dispute what the two organizations had told us or that Fortra had told customers their data was safe. Fortra did not make CISO Chris Reffkin available for an interview.<\/p>\n The full impact of the mass-hack resulting from the GoAnywhere vulnerability remains unknown. Fortra would not say, despite repeated requests by TechCrunch, if the company\u2019s in-house GoAnywhere systems storing customers\u2019 data were compromised during the ransomware attack.<\/p>\n The Clop ransomware gang has added dozens of new victims to its dark web leak site over the past few days \u2014 including payment software startup AvidXchange, investment giant Onex, the U.K.\u2019s Pension Protection Fund, and the City of Toronto, \u2014 all of which were identified by TechCrunch<\/a> as organizations that used vulnerable GoAnywhere file transfer software at the time of the breach, along with dozens of other organizations.<\/p>\n It follows other additions to its leak pages, including Colombian energy giant Grupo Vanti, Australian gambling giant Crown Resorts, and Medex Healthcare.<\/p>\n Fortra has not yet publicly confirmed its January breach beyond an inaccessible advisory on its website. Fortra\u2019s most recent press release on March 16 announced<\/a> that the company had been awarded \u201cbest cybersecurity company\u201d by the Cybersecurity Excellence Awards, an industry award paid for by submitting companies and which Fortra sponsors<\/a>.<\/p>\n<\/p><\/div>\n