Bill Toulas reports:
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands.
The cybercriminals announced that they are contacting those companies directly to provide links to a secure chat channel for conducting ransom payment negotiations. They also provided email addresses where victims can reach out themselves.
In the notification on their leak site, Clop lists 66 partial names of companies that did not engage the hackers for negotiations. If these companies continue to ignore the demands, Clop threatens to disclose their full names in 48 hours.
Read more at Bleeping Computer.
Comment:
Clop has a history of finding and exploiting vulnerabilities in file transfer software. In the past, they successfully attacked entities by exploiting vulnerabilities in Accellion, GoAnywhere, and MOVEit software. And now Cleo’s software? Each of the previous campaigns had more than 100 direct victims, and many of those victims were service providers whose compromise in turn affected numerous clients of their own.
Clop does not need to encrypt its victims. By simply exfiltrating data, they position themselves as having at least some leverage to extort the companies, threatening to leak data from those who do not pay. Clop generally follows up on its threats.
Clop’s attacks have affected countless people. In an awareness campaign, a self-described watchdog called “Nam3L3ss” recently started leaking data that had been exfiltrated from Delta Dental in May of 2023 via the MOVEit vulnerability. The data were previously leaked by Clop itself, but may now be reaching a new or even broader audience because they have been reposted on a clearnet forum.
When Delta Dental reported its breach to Maine on behalf of affiliates and clients, it reported almost 7 million people affected. And Delta Dental was just one of the companies or insurers that Clop had hit.
So when is the world going to wake up or reassess the risks of using commercial file transfer software that transmits unencrypted data? Why is it still being used?
In one of his posts, Nam3L3ss quoted something often attributed to Einstein — that the definition of insanity is doing the same thing over and over again and expecting a different result. Is using file transfer software that transmits unencrypted data an act of insanity? Or are insurers and covered entities just accepting the likelihood of a serious attack that will affect millions of people? And if they are, then maybe we are the insane ones for not prohibiting this.