Weekend Strike: Clop Ransomware Group Leaks Data of MOVEit Victims

Over the course of the weekend, the Clop ransomware group has been actively disseminating data from numerous global companies with no signs of slowing down.

Prominent entities like Hopkins, Hess, and United Bank have already fallen victim to data leaks, underscoring the scale of the breach.

These victims are part of a bigger cybercrime spree that has been going on for the last few months — the MOVEit cyber attacks that created panic among organizations in May 2023. 

The scale of the situation is significant, as the tally of Clop Ransomware’s victims has already surpassed 1,000 and is continuously growing.

The list of victims includes prominent names such as SMA, JP Receivables Management Partners (formerly JP Recovery Services, Inc.), Franklin Mint Federal Credit Union, Gripa, Japan Tobacco International, Yakult, and many other organizations impacted by the MOVEit vulnerability.

Even though the weekend is typically a quieter period for ransomware groups, the intensity of this weekend’s activity by Clop suggests a distinct motivation.

Clop ransomware group names new victims over the weekend

A closer inspection reveals interesting details about the victims of the MOVEit cyber attacks.

The ongoing rampage by Clop Ransomware is evident, with a diminishing count of 249 posted victims remaining and 149 torrents or leaks disclosed so far. It is a seemingly modest figure considering the scale of their cyber attacks in the past few months. 

Notable organizations like IBM, Rutgers, and others are among the affected parties, with potential implications yet to unfold. 

Despite the evident seriousness of the situation, securing official statements from the companies that have fallen victim to these attacks has proven to be a formidable challenge.

The complexity of the matter and the potential sensitivity of the disclosed data have contributed to the reluctance of these victimized entities to issue formal comments or statements at this time.

The Cyber Express reached out to several of the affected organizations, seeking insights and responses. However, at the time of writing, no official response has been received. 

The Clop ransomware group and its unique tactics

In addition to this data breach, the Clop ransomware group has adopted a recent change in strategy, strategically targeting the vulnerabilities within the MOVEit platform with their attacks.

On August 10, the group announced that the companies who had refrained from acknowledging data breaches would be posted. 

To incentivize compliance with their demands, the group extended an unexpected offer of a “significant discount.”

The recent leak of victim data showcases the group’s tenacity in demanding compliance.

The group’s posts threatened the victims, stating, “On August 15, we start publishing every company on the list that do not contact.” 

A noteworthy aspect of the group’s approach is their intention to make the stolen data accessible on the surface-level internet, eliminating the need to use the dark web to access the data. 

The ripple effect of the MOVEit cyber attacks has been nothing short of staggering. Over 1,000 organizations have fallen victim since May 2023, with new data breaches announced almost every other day.

As the saga of the Clop ransomware group and the MOVEit vulnerability continues to unfold, one thing remains certain – Clop ransomware group is probably one of the biggest ransomware groups of 2023, and their recent MOVEit vulnerability exploitation makes them one of the biggest cyber criminals of all time.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.