BBC, Boots, BA warned not to pay Russian hackers after payroll data stolen

Firms caught up in the global payroll data hack that included Boots, British Airways and the BBC were on Tuesday warned not to give in to blackmail threats.

Russia-linked ransomware group Clop claimed responsibility for the cyber attack, which hit companies on Monday after hackers exploited a flaw in file transfer software known as MOVEit, used by UK-based payroll provider Zellis.

Professor Ciaran Martin, a former head of cyber security at the UK's spying and intelligence surveillance agency GCHQ and who set up the National Cyber Security Centre, said victims could be more susceptible to “sophisticated identity fraud” but warned companies against paying the criminals to prevent the stolen data being leaked online.

“It looks like the BBC, Boots, BA and others are caught up in a very significant global data heist...This group of criminals are going to have massive amounts of personal data, sadly, and they’re going to look through it and see what is most extortable," he told the BBC.

“They will then come to organisations and threaten them with publication of this data if they don’t pay. So they’ll look for the most damaging data and the strong advice will be to the organisations not to pay.

“What they might do, then more covertly is they might seek to monetise this data. It’s unlikely, certainly in the case of organisations like the BBC, to be something that you could just take and empty your bank account."

“But it does leave those affected more susceptible to sophisticated identity fraud, so they might try to develop techniques for scamming and so forth."

Zellis did not name its clients caught up in the attack, but BA, the BBC and Boots confirmed their employees were among the victims.

Reporting by Frank Prenesti for Sharecast.com