back to article After oil giant Shell hit by Clop ransomware gang, workers' visas dumped online as part of extortion attempt

Royal Dutch Shell is the latest corporation to be attacked by the Clop ransomware gang. The extortionists siphoned sensitive documents from a software system used by the oil giant, and have now leaked online some of the data – notably a selection of workers' passport and visa scans – to chivy the corporation along to cough up a …

  1. cantankerous swineherd

    "Shell uses this appliance to securely transfer large data files"

    when will these turkeys realise that there's no such thing as security on the internet?

    1. Terry 6 Silver badge

      There is a considerable amount of irony in there, isn't there.

  2. Potemkine! Silver badge

    Tout va très bien Madame la Marquise!

    When I read the PS BS thrown by these companies after being caught red-handed because of lax behaviour on cybersecurity (often caused by underfunding of IT and a culture of irresponsibility) , I think to this old french song

  3. Claptrap314 Silver badge

    Okay, Shell is not an IT company....

    But SURELY they've got enough semi-competent IT people to, I don't know, use scp?

    Why even consider some ridiculous proprietary solution to a problem which has been well and truly solved by the OS community for decades?

    1. Anonymous Coward
      Anonymous Coward

      Re: Okay, Shell is not an IT company....

      It's not quite that easy.

      scp copies from a client to a server or downloads in the opposite direction. In the scenario here, you have two clients sitting in their respective networks behind their respective firewalls and none of them is running a publicly accessible ssh server on their machines - or at least they shouldn't be.

      So it's back to the basic problem of needing an intermediary platform accessible to both clients and having a publicly accessible and attackable server. Of course, https only access and strong credentials would be required and this is where these solutions sometimes falls over.

      1. Claptrap314 Silver badge

        Re: Okay, Shell is not an IT company....

        Either they are accessible to the internet, or they are not. If they are not, then there is no "intermediary" to attach to. If they are, there MANY known ways to secure communications that don't involve proprietary solutions or central servers.

  4. FlamingDeath Silver badge

    ‘Shell has been impacted by a data security incident involving Accellion’s File Transfer Appliance. Shell uses this appliance to securely transfer large data files."’

    WRONG

    Its clearly not secure

    But the user license agreement should of given a clue to this minor detail, which basically might as well say “provided as is, use at your own risk” etc etc

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022