CLOP Ransomware avoids takedowns by using torrents

Clop Ransomware, a notorious cybercriminal gang based in Russia and exclusively targeting companies in the United States, has recently changed its tactics to evade law enforcement surveillance. Instead of using traditional websites to sell stolen data, the gang has adopted a new strategy of leaking data belonging to the victims of the MOVEit cyber-attack through torrents.

This group made headlines after infiltrating the MOVEit software database on May 27th, 2023, compromising sensitive information from nearly 600 organizations worldwide. Subsequently, they demanded a ransom from the victims and then began leaking the victims’ details starting in June 2023. Initially, the leaked data was distributed through Clearweb websites accessible only via the Tor browser. However, the FBI and CIA took action against these sites, forcing Clop to find an alternative approach.

To circumvent law enforcement, Clop decided to use torrents to distribute the information stolen in the MOVEit attack. They began publishing magnet links for the remaining 20-27 victims, which not only helps them avoid takedowns but also addresses the issue of slow transfer speeds.

Cybersecurity firm Coveware estimates that Clop could earn extortion payments of $60-$90 million with this latest move to torrent downloads.

Clop has a history of engaging in double extortion attacks, pressuring victims by disclosing breach details to the victimized company’s partners and customers. To exacerbate the situation, the gang often launches DDoS attacks on the victims’ networks, causing significant revenue losses and tarnishing the affected companies’ reputations.

This new tactic showcases the adaptability and sophistication of Clop Ransomware, making them a formidable threat to organizations’ cybersecurity and emphasizing the need for enhanced measures to counter such attacks.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
