The state of Illinois was victimized in a recent ransomware attack that occurred when a group of cyber criminals “exploited a vulnerability in a widely used third-party file transfer system,” state officials said.
The Illinois Department of Innovation and Technology said Friday that the Cybersecurity and Infrastructure Security Agency and FBI have attributed the attack, which occurred on May 31, to the CL0P Ransomware Gang, also known as TA505. The attackers, according to the federal agencies, exploited a "previously unknown structured query language injection vulnerability" in the MOVEit Transfer system. The system's web applications were infected with a specific malware, which was then used to steal data from the program's databases, according to the CISA and FBI.
In the minutes following the attack, Illinois' DoIT said it disconnected all associated systems that utilized the third-party software and engaged its security incident response team to conduct a forensic analysis.
While the department said on Friday that the full extent of the incident was still being determined, it's believed that a large number of people could be impacted. The agency explained that once a determination of everyone impact is finalized, it will issue a public notice of the incident "as expeditiously as possible." At that time, DoIT will set up a call center for impacted parties in need of assistance.
Feeling out of the loop? We'll catch you up on the Chicago news you need to know. Sign up for the weekly Chicago Catch-Up newsletter here.
