Security News > 2023 > June > Clop ransomware claims responsibility for MOVEit extortion attacks

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data.
Conducting attacks around holidays is a common tactic for the Clop ransomware operation, which has previously undertaken large-scale exploitation attacks during holidays when staff is at a minimum.
While Clop would not share the number of organizations breached in the MOVEit Transfer attacks, they said that victims would be displayed on their data leak site if a ransom was not paid.
Finally, and unprompted, the ransomware gang told BleepingComputer that they had deleted any data stolen from governments, the military, and children's hospitals during these attacks.
While Clop started as a ransomware operation, the group previously told BleepingComputer that they are moving away from encryption and prefer data-theft extortion instead. We also saw our first disclosures from organizations breached in Clop's MOVEit data-theft attacks.
As we have seen with previous Clop attacks on managed file transfer platforms, we will likely see a long stream of company disclosures as time goes on.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)