A prolific cybercrime gang thought to be based in Russia has issued an ultimatum to victims of a hack that has hit organisations around the world.
According to the BBC, the Clop group posted a notice on the dark web warning firms affected by the MOVEit hack to email them before 14 June or stolen data will be published.
More than 100,000 staff at the BBC, British Airways and Boots have been told payroll data may have been taken.
Employers are being urged not to pay up if the hackers demand a ransom.
Cyber security research previously suggested Clop could be responsible for the hack, which was first announced last week.
The criminals found a way to break into a piece of popular business software called MOVEit and were then able to use that access to get into the databases of potentially hundreds of other companies.
Analysts at Microsoft said on Monday they believed Clop was to blame, based on the techniques used in the hack.
It has now been confirmed in a long blog post written in broken English.
The post, seen by the BBC, reads: “This is an announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of the exceptional exploit.”
The post goes on to urge victim organisations to send an email to the gang to begin a negotiation on the crew’s darknet portal.
This is an unusual tactic, as normally ransom demands are emailed to victim organisations by the hackers, but here they are demanding that victims get in touch. This could be because Clop itself can’t keep up with the scale of the hack, which is still being processed around the world.
“My take is that they just have so much data that it is difficult for them to get on top of it all. They’re betting that if you know then you will contact them,” says SOS Intelligence CEO Amir Hadžipasić.
MOVEit is supplied by Progress Software in the US for many businesses to securely move files around company systems. Payroll services provider Zellis, which is based in the UK, was one of its users.