The Clop Ransomware Gang, a group of notorious cybercriminals hailing from Russia, is quickly becoming a global cyber security threat: in the past few days, the group has used a new zero-day exploit to target several private companies, government organisations and more. Cyber security experts have put the number of known affected organisations at over 60, highlighting the large scale of operations conducted by the cybercriminals.


“Clop has listed multiple other victims, including the University of Missouri System, Aon, and the Boston Globe. By my count, there are now 63 known/confirmed victims plus an unspecified number of USG (US government) agencies. Cl0p has also updated its statement,” wrote Brett Callow, a cyber security threat analyst at Emsisoft, on Twitter.

What is Clop Ransomware Gang?

Clop, also known as Cl0p, is a Russian hacking group that is particularly known for its deployment of ransomware. Its modus operandi involves breaching the security of an organization's data infrastructure, encrypting its files, and demanding ransom payments. The group adds further pressure by threatening to leak stolen data if its ransom demands are not met.

Clop has claimed numerous victims in the past, some of which include major corporations and large-scale organisations such as Qualys, Shell, British Airways, the BBC, and ExecuPharm. Other victims include educational institutions and even government organizations like Stanford University, the University of California, and various local and state governments. It's estimated that the damage caused by the gang's cybercrimes amounts to over $500 million.

Recent Activities and Arrests

The group has suffered recent setbacks in their operations, including the arrests of six members in Ukraine as part of a global law enforcement operation. These arrests were a result of Operation Cyclone, a 30-month-long investigation coordinated by Interpol and involving the United States and South Korea.

The arrested individuals were primarily associated with the money-laundering aspect of the gang's operations, leaving the core members, who conduct the actual cyber-attacks, still at large. As a result, despite the disruptions caused by these arrests, the group's activities have continued largely unaffected.

Tactics and Strategies

The Clop ransomware gang has deployed a variety of tactics to execute its cyber-attacks. One of their methods involves the exploitation of a flaw in the Accellion File Transfer Appliance, which allowed them to gain unauthorized access to their victims' data.

The gang engages in extensive extortion tactics that extend beyond merely demanding ransom payments. These tactics include notifying customers and partners of the breached companies and publishing sensitive data. They maintain a dark web site where they list their victims and allegedly leaked data.

Microsoft security researchers also attributed the recent mass hacking attempts to the group's successful exploitation of a zero-day vulnerability in the popular internet-based file transfer tool MOVEit Transfer.