A criminal gang nicknamed Clop has stolen data from payroll services provider Zellis in a breach affecting the personal information of tens of thousands of employees at British Airways, Boots and the BBC. The flaw was in a file transfer tool, MOVEit, made by the US software business Progress. Overall, ransomware attacks appear to be declining: in the US, the FBI said losses due to ransomware dropped from $49 million in 2021 to $34 million last year while Mandiant, a cybersecurity firm, said the proportion of global data intrusions involving ransomware fell from 23 per cent in 2021 to 18 per cent in 2022. Increasingly effective law enforcement and the declining value of crypto help explain the shift. Over two years after the SolarWinds hack, however, software supply chains remain a weak spot in corporate defences.
