Over the weekend, the Clop ransomware group continued its aggressive campaign by leaking data from several global companies, showing no signs of slowing down. Notable organizations such as Hopkins, Hess, and United Bank have already fallen victim to these data breaches, highlighting the severity of the situation. This is part of a larger cybercrime spree known as the MOVEit cyber attacks, which has been causing panic among organizations since May 2023.
The scale of the breaches is staggering, with over 1,000 victims and counting. This includes well-known companies like SMA, JP Receivables Management Partners, Franklin Mint Federal Credit Union, Gripa, Japan Tobacco International, Yakult, and many others affected by the MOVEit vulnerability.
What is particularly notable about the recent activity by the Clop ransomware group is the intensity of their actions over the weekend. Typically, weekends are quieter for ransomware groups, but Clop capitalized on this timeframe to target new victims. Upon closer inspection, it is clear that the group is actively spreading their ransomware, with only 249 posted victims remaining and 149 leaks disclosed thus far. While these figures may seem modest considering the group’s previous cyber attacks, it is important to recognize the potential implications for organizations like IBM and Rutgers who have also been affected.
Despite the seriousness of the situation, obtaining official statements from the victimized companies has proven challenging. The complexity of the matter, coupled with the sensitivity of the disclosed data, has led these entities to be reluctant to issue formal comments or statements at this time. Journalists from The Cyber Express have reached out to these affected organizations for insights and responses, but as of now, no official response has been received.
In addition to these data breaches, the Clop ransomware group has implemented a new strategy. They are now specifically targeting vulnerabilities within the MOVEit platform. On August 10, the group announced that companies that failed to acknowledge their data breaches would be publicly exposed. To encourage compliance, the group offered a “significant discount” to those who cooperated. The recent leak of victim data demonstrates the group’s determination to enforce their demands. The group’s posts have threatened the victims, stating that starting on August 15, they will publicly reveal every company on the list that fails to make contact.
One unique aspect of the Clop ransomware group’s approach is their intention to make the stolen data easily accessible on the surface-level internet, eliminating the need for potential buyers to navigate the dark web. This adds an additional layer of concern and shows the group’s confidence in their ability to distribute and profit from the stolen information.
The impact of the MOVEit cyber attacks has been significant. Since May 2023, over 1,000 organizations have fallen victim, with new data breaches being announced almost every other day. As the saga between the Clop ransomware group and the MOVEit vulnerability continues to unfold, it is becoming clear that Clop is one of the largest ransomware groups of 2023. Their exploitation of the MOVEit vulnerability solidifies their position as one of the most notorious cybercriminals of all time.
Media Disclaimer: This report is based on research conducted internally and externally through various sources. The information provided is solely for reference purposes, and individuals who rely on it assume full responsibility. The Cyber Express assumes no liability for the accuracy or consequences of using this information.